> Specifically, a malicious hypervisor can selectively drop any writes of an AMD SEV-ES and SEV-SNP guest that occurred at an attacker-chosen point

This strikes me as the thing that Raymond Chen calls "being on the other side of this airtight hatchway" [0]. That is, if you've already got control of the Hypervisor then ... you can do anything you want to the guest operating systems. Right?

0: https://devblogs.microsoft.com/oldnewthing/20060508-22/?p=31283

---

Whenever I see something like this I'm always reminded of the opinion of Theo de Raadt, of OpenBSD fame, on the topic:

https://marc.info/?l=openbsd-misc&m=119318909016582

---

These things seem to go in pairs, as there is currently a new Intel CVE on the front page too. Someone in the Intel thread mentioned that the underlying issue may be x86 having more and more stuff piled on top of it. That's been great for compatibility, but I'm wondering if it might be worth Intel/AMD making an x86 lite that strips everything but the necessary instructions.

---

> In other words, this means that computations in the cloud can be performed on confidential data even if the cloud provider is untrusted or compromised.

Cloud is always "someone else's computer", regardless of what stupid DRM-ish crap they come up with to try to pretend that it's not. This tech only benefits the rent-seekers who try to distort the concept of ownership.

In other words, this is nothing worth worrying about.