Does anyone know what mode of AES that SEV (or SME) uses?<p>I have been reading though all of AMD's documents, and I cannot find what mode of AES that SEV (or SME) uses. I find it extremely odd that this is not called out in any of AMD's documents, and frankly a bit worrisome.<p>For the record, "A Comparison Study of Intel SGX and AMD Memory Encryption" [1] claims a modified version of AES-ECB is what SEV uses, BUT their reference links to AMD's whitepaper [2], which does NOT say anything about their mode, so I do not consider [1] to be a trustworty resouce.<p>[1] <a href="https://caslab.csl.yale.edu/workshops/hasp2018/HASP18_a9-mofrad_slides.pdf" rel="nofollow">https://caslab.csl.yale.edu/workshops/hasp2018/HASP18_a9-mof...</a><p>[2] <a href="https://developer.amd.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf" rel="nofollow">https://developer.amd.com/wordpress/media/2013/12/AMD_Memory...</a>
What is the attack Vector that this solution prevent ?<p>Am I missing something obvious ?<p>Will it prevent Google from being able to have a Root access to the VM?<p>From my understanding it does not seem to protect from Google. If they are still able to have a Root Access to the VM it does not matter if the memory is encrypted or not.<p>The only thing that I see, is in case of a spectre/meltdown vulnerabilty where the isolation of the RAM fails...
Technology, technology, blah blah blah.<p>Tell me this: will Google indemnify you against all your losses proportional to the amount they are to blame?<p>i.e. if you lose $50 million because you relied on Google's "confidential VM" and an investigation shows it's 100% because Google didn't protect the VM, do you get a year's worth of fees back or $50MM?
May as well note: SEV relies on AMD-signed vendor firmware blobs. This means that AMD, or anyone who can get their keys, can compromise the security of SEV.
They state in the press release:<p>> With the beta launch of Confidential VMs, we’re the first major cloud provider to offer this level of security and isolation while giving customers a simple, easy-to-use option for newly built as well as “lift and shift” applications.<p>How is Google's offering different from the Confidential Compute Microsoft already offers?[1]<p>[1] <a href="https://azure.microsoft.com/en-us/solutions/confidential-compute/" rel="nofollow">https://azure.microsoft.com/en-us/solutions/confidential-com...</a>
> Confidential VMs leverage the Secure Encrypted Virtualization (SEV) feature of 2nd Gen AMD EPYC™ CPUs<p>Powered by AMD. I wonder who will leverage this next.
So what does SEV actually protect against?<p>Something like heartbleed would still happily decrypt and transmit confidential data.<p>Something like speculative side channel attacks would still speculate on the unencrypted memory right?<p>Rowhammer would still flip bits, but now one bit flipping would turn an entire 128 bit block into garbage when decrypted? It seems like that would at least make rowhammer a lot harder to exploit into a privilege escalation. ECC memory already gave some limited protection here.
This seems a move to make people handling sensitive data (E.g. healthcare and insurance) make sure they have peace of mind and can tick the box “security and privacy” off? Even neutralising the potential issue of being linked with the omniscient google? How will MS and AWS respond will be interesting.
This is using SEV-ES (SEV2) which is vulnerable to the severe attack described last year in [1], and unfixable due to the lack of antirollback functionality.<p>Only SEV-SNP [2] is supposed to address it, but only on new silicon which doesn't exist yet, and that probably not even Google has.<p>So why is Google releasing this feature if it is so flawed?<p>[1] <a href="https://arxiv.org/pdf/1908.11680.pdf" rel="nofollow">https://arxiv.org/pdf/1908.11680.pdf</a><p>[2] <a href="https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf" rel="nofollow">https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthen...</a>
Is SEV really a "breakthrough technology"? AMD was far from the first to do this, and you have to trust AMD to have implemented this correctly and not be backdoored or cooperating with the US government to believe it's really secure.
<i>Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU).</i><p>Aren't Amazon's Graviton 2 processors specified to do this too?