back to article AMD virty encryption not quite there, claim boffins

A couple of German boffins have taken a good look at AMD's Secure Encrypted Virtualization (SEV), and don't like what they see. As AMD's Brijesh Singh explained to the Linux driver project mailing list in April, SEV extends the AMD-V architecture when multiple VMs are running under a hypervisor: “SEV hardware tags all code and …

  1. alain williams Silver badge

    AMD SEV safe on trusted cloud provider

    To me that would be the whole point on SEV - protect yourself from a provider that has been spooked and forced to blab what you are doing to the NSA or the Pry Minister's snoop enhanced Food Standards Agency (OK: not in the current bill, but that hasn't stopped them in the past).

    1. Indolent Wretch

      Re: AMD SEV safe on trusted cloud provider

      Yes that's what I thought they were targeting to. The researcher seems to have done a classic "this thing does the thing its meant to do well but doesn't do the thing I was interested in therefore its a failure" routine.

      Either way it still sounds a lot better than not having it.

      1. joed

        Re: AMD SEV safe on trusted cloud provider

        Maybe it'll - at least - limit possibility/impact of malicious guest accessing memory of another guest hosted on the same hardware.

  2. Anonymous Coward
    Anonymous Coward

    Wait...

    So they've actually been able to compromise SEV? Or is this just an academic "maybe this could happen" exercise? (Along the lines of the ones where they say all you need is physical access to pull it off.)

    1. admiraljkb

      Re: Wait...

      They did some real world testing. But basically you've got it - under normal circumstances with SEV you are much better off. The VM(s) are shielded against other VM(s) on the same host with the proviso that the underlying host has NOT been compromised. Of course, if the underlying host is compromised, you're bantha poodoo anyway, so...

      1. Long John Baldrick

        Re: Wait...

        They didn't even do real world testing. From abstract: To do so, we developed a model of SEV's security capabilities based on the available documentation as actual silicon implementations are not yet on the market.

  3. ZeroDrop

    What's the problem?

    Obvious thing is, if SEV is not yet available to the market, doesn't matter how much security fails they find, considering that the final product to be launched doesn't have them.

    In fact, is a good sign they're finding vulnerabilities: because this way AMD have the opportunity to fix them before launching SEV as a final product. Am I wrong?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like