by libroot
247 days ago
No, these encrypted VMs are not protected from buggy or malicious on-die components. SEV assumes that the SoC hardware is trusted.[1] And we don't even have to go that deep: both AMD SEV and Intel's equivalent, Intel SGX, have historically been vulnerable to side-channel and speculative-execution attacks, among others, that can undermine their isolation guarantees.[2]

[1]: "As with the previous SEV and SEV-ES features, under SEV-SNP the AMD System-on-Chip (SOC) hardware, the AMD Secure Processor (AMD-SP), and the VM itself are all treated as fully trusted." https://www.amd.com/content/dam/amd/en/documents/epyc-busine...

[2]: https://libroot.org/posts/trusted-execution-environments/
Nice overview article, btw.
Backdoors in the supply chain are always hard to avoid, but if it can't even protect against third-party attackers, including any of the hardware attached, what's the point?