> Is there anything else to these confidential machines other than feel-good, security theater or certification checkmarks?
> Maybe I'm overly cynical, but I don't quite understand the target audience.

No, that sounds about right. Google Cloud's confidential computing is essentially a wrapper for AMD Secure Encrypted Virtualization (along with auditing tools), which is meant to be a physical protection measure. It can potentially protect against an attack like Rowhammer or Meltdown, but beyond that, Confidential Computing is primarily a protection mechanism if your threat model includes Google's own admins, which it might if you're in a heavily-regulated industry and have to tick a bunch of audit check boxes. More critically, this can make cloud hosting an option for industries that previously rejected it due to having to outsource system management to a third party. I don't know of any off-hand, but I have no doubt that they exist. That being said, the allure of AMD SEV is that it provides encryption-in-use without worrying about performance, redesigning your applications, or overall having to think about it too much. If it's just a toggle you can flip and move on to other things, does it matter if the security benefit is only theoretical?
SEV cannot protect against Rowhammer-style issues because there is no cryptographic integrity protection on these implementations. That said, exploiting one or several bit flips in a cache line's worth of encrypted memory is not trivial.