AMD’s SEV Virtual Machine Encryption is Defeated

German security researchers claim to have discovered another attack against virtual machines that use AMD’s Secure Encrypted Virtualization (SEV) technology, one that could enable hackers to recover plaintext memory data from guest VMs.

AMD’s Secure Encrypted Virtualization (SEV), which ships with the EPYC line of processors, is a feature that encrypts the memory of each VM so that only the guest itself can access the data, shielding it from other VMs and even from an untrusted hypervisor.

Discovered by researchers from the Fraunhofer Institute for Applied and Integrated Security in Munich, this side-channel attack, named SEVered, exploits the page-wise encryption of the main memory, allowing a hypervisor to extract the full content of the main memory in plaintext from encrypted VMs.

The researchers also suggested a couple of steps AMD could take to isolate the transition process between the host and Guest Physical Address (GPA) to make the SEVered attack harder to execute.
