by tux3 958 days ago
I wonder if I can use this against Intel SGX/AMD SEV-SNP :)

These are hardware features where a private key is hardcoded in the chip and never supposed to be revealed. You can ask the chip to sign things for you. It has some anti-tampering measures, but it might be possible to induce faults without too much effort, if you apply heat, EM ("cosmic rays"), and play with voltage/frequency a little.

1 comment

Well, yeah, you can: https://www.plundervolt.com/doc/plundervolt.pdf (the paper is from 2019).
It also works against the analogous technology for ARM (2017):

https://www.usenix.org/conference/usenixsecurity17/technical...

The researchers made an app that can run as a normal user and extract the hardware enclave’s private key.

I remember they fixed that one, but plundervolt is more finely targeted, like a traditional glitch attack. The fun thing with this attack is we just need a little bit of corruption everywhere, and some broken signatures might make it through!

DVFS aside, there's plenty of ways to stress a CPU and cause random errors. I don't know whether their RSA implementation protects against this attack, though.
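As an added illustration (not code from either commenter, and not tied to any particular enclave implementation), the reply's "some broken signatures might make it through" is exactly the condition the classic Bellcore attack on RSA-CRT needs: one signature whose computation was corrupted in only one of the two CRT halves factors the modulus with a single gcd, after which the private exponent follows directly. The block below uses two constructed toy-size primes and simulates the fault by perturbing the mod-p half; the real attack works the same way with 2048-bit keys, since it never brute-forces anything. It also shows the standard countermeasure the reply wonders about: verify the signature with the public key before releasing it.

```python
# Added example: Bellcore-style fault attack on RSA-CRT signing and the
# sign-then-verify countermeasure. Keys are constructed toy-size primes;
# the "fault" is simulated in software rather than induced by hardware.
from hashlib import sha256
from math import gcd

# Constructed toy key (real keys are 2048 bits and up; the attack is the same).
P = 1000000007
Q = 998244353
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)           # private exponent
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)          # q^-1 mod p, for Garner recombination


def message_representative(msg: bytes) -> int:
    """Constructed stand-in for a padded hash; real code uses PSS/PKCS#1."""
    return int.from_bytes(sha256(msg).digest(), "big") % N


def sign_crt(m: int, fault_in_p: bool = False) -> int:
    """RSA-CRT signature. fault_in_p=True simulates a glitch that corrupts
    only the mod-p half of the computation (the Bellcore precondition)."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_p:
        sp = (sp + 1) % P     # assumed fault: any wrong value for sp will do
    h = (QINV * (sp - sq)) % P
    return sq + Q * h         # Garner: s = sp mod p, s = sq mod q


def recover_factor(m: int, faulty_sig: int) -> int:
    """Bellcore attack: a signature correct mod q but wrong mod p satisfies
    s^e - m = 0 (mod q) but != 0 (mod p), so gcd(s^e - m, N) = q."""
    return gcd(pow(faulty_sig, E, N) - m, N)


def recover_private_exponent(n: int, e: int, factor: int) -> int:
    """One factor of N is the whole private key."""
    other = n // factor
    return pow(e, -1, (factor - 1) * (other - 1))


def sign_checked(m: int, fault_in_p: bool = False):
    """Countermeasure: verify with the public key before releasing the
    signature. Returns None (and leaks nothing) if the computation was faulted."""
    s = sign_crt(m, fault_in_p)
    if pow(s, E, N) != m:
        return None
    return s


if __name__ == "__main__":
    m = message_representative(b"attestation report")
    bad = sign_crt(m, fault_in_p=True)
    q = recover_factor(m, bad)
    print("recovered factor == Q:", q == Q)
    print("recovered d == D:", recover_private_exponent(N, E, q) == D)
    print("checked signer on faulted run:", sign_checked(m, fault_in_p=True))
```

Two caveats a practitioner would add. First, the attacker needs the message representative m (or needs to be able to verify candidate signatures), which holds for any signature that is returned to the caller. Second, the verify-before-release check is itself a few instructions the same glitch can skip, so hardened implementations combine it with redundant computation or randomized blinding rather than relying on the check alone.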