Secure Encrypted Virtualization is Unsecure
https://arxiv.org/abs/1712.05090 [arxiv.org]
2017-12-18 19:15
AMD plans to provide Secure Encrypted Virtualization (SEV) technology in its latest processor, EPYC, to protect virtual machines by encrypting their memory, but without integrity protection. In this paper, we analyzed the weakness in the SEV design due to the lack of integrity protection; thus, it is not so secure. Using a different design flaw in the physical address-based tweak algorithm, which is meant to protect against ciphertext block move attacks, we found a realistic attack against SEV which could obtain the root privilege of an encrypted virtual machine protected by SEV.
source: grugq