
AMD EPYC Secure Encrypted Virtualization Not So Secure: Researchers

There's one more thing that looks suspicious.
Their paper is pretty much a slightly modified copycat of this one, published by members of Tangram Technologies from Shanghai back in December.

https://arxiv.org/ftp/arxiv/papers/1712/1712.05090.pdf

Their team lead, ZhaoHui Du, is very notable for being an Intel researcher and software engineer for almost 18 years. It's not a red flag by any means, but considering that Tangram was founded in 2017, it raises some concerns and suspicions.

Intel just wanted to make sure EPYC is safe for customers so they can use it to replace Xeon :roll:
 
While it's great that we're finally getting real security people looking at CPUs, it's terrifying that the manufacturers themselves never did this due diligence.

They look but they don't tell.

That's how Intel and Seagate got away with complete spy programs until Kas revealed them.
 
"Admins can do evil things"
Totally not a FUD campaign against AMD, which is thrashing Intel on the multicore front.
 

Fx

They are REPLACING the host hypervisor with a new one which is specifically allowed to snoop on the memory accesses. And they still need a VM on the same host to be a web server or allow some other kind of memory access to the same RAM as the target VM. This cannot be done in a datacenter without collusion with IT administrators from the whole chain of command.
Blaming the manufacturer because the product does not behave the same after the user flashes a new BIOS is unfathomable.
Even CTS Labs would not stoop so low as to report this as a vulnerability.

Exactly. I called BS before I even read it. Sure enough, yet another "vulnerability" when someone has direct access to the servers.
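The quoted post above states what the attack needs: a replaced hypervisor plus a service inside the target VM that hands memory out. The following Python toy model is added here to illustrate why that combination matters; it is not code from the thread, from the researchers' paper, or from AMD. It assumes a hash-based keystream as a stand-in for SEV's AES with a physical-address tweak, constructed page addresses and secret values, and a simplified reverse-map check modelled on SEV-SNP's RMP. The page-remapping step is how the published hypervisor-side attack on SEV works, not something the post itself spells out.

```python
"""Toy model of the SEV threat model: snooping hypervisor + in-guest service.

SEV encrypts each guest's memory with a per-VM key the hypervisor never holds,
so a hypervisor that merely reads RAM sees ciphertext. But the hypervisor still
owns the nested page table mapping guest-physical (GPA) to host-physical (HPA)
pages. If it points the page behind an in-guest web server's response buffer at
the page holding a secret, the guest decrypts that page with its own key and
the server sends the plaintext out over the network. Binding each page to the
GPA it was validated for (the idea behind SEV-SNP's reverse map table) makes
the swapped page fault instead. All names and values below are constructed.
"""
import hashlib
from dataclasses import dataclass, field

PAGE = 16  # toy page size in bytes (real pages are 4 KiB)


def keystream(vm_key: bytes, hpa: int) -> bytes:
    # Stand-in for SEV's AES with a physical-address tweak (assumption, not the
    # real cipher): keystream depends on the per-VM key and the host address.
    return hashlib.sha256(vm_key + hpa.to_bytes(8, "big")).digest()[:PAGE]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Host:
    ram: dict = field(default_factory=dict)  # hpa -> ciphertext page
    npt: dict = field(default_factory=dict)  # gpa -> hpa, hypervisor-controlled
    rmp: dict = field(default_factory=dict)  # hpa -> gpa it was validated for
    enforce_rmp: bool = False                # False = plain SEV, True = SNP-style

    def remap(self, gpa: int, hpa: int) -> None:
        # The malicious (replaced) hypervisor can rewrite the mapping at will.
        self.npt[gpa] = hpa


@dataclass
class Guest:
    host: Host
    vm_key: bytes  # held by the SoC firmware, never by the hypervisor

    def write(self, gpa: int, plaintext: bytes) -> None:
        hpa = self.host.npt[gpa]
        self.host.ram[hpa] = xor(plaintext.ljust(PAGE, b"\0"),
                                 keystream(self.vm_key, hpa))
        self.host.rmp[hpa] = gpa  # simplified: record the page's owning GPA

    def read(self, gpa: int) -> bytes:
        hpa = self.host.npt[gpa]
        if self.host.enforce_rmp and self.host.rmp.get(hpa) != gpa:
            raise PermissionError(
                f"RMP check failed: hpa {hpa:#x} not validated for gpa {gpa:#x}")
        return xor(self.host.ram[hpa], keystream(self.vm_key, hpa))


SECRET_GPA, BUF_GPA = 0x1000, 0x2000   # constructed guest addresses
SECRET_HPA, BUF_HPA = 0xA000, 0xB000   # constructed host addresses
SECRET = b"db-password-42"             # constructed secret


def scenario(enforce_rmp: bool):
    """Return (what the hypervisor sees in RAM, what the web server served)."""
    host = Host(enforce_rmp=enforce_rmp)
    host.npt = {SECRET_GPA: SECRET_HPA, BUF_GPA: BUF_HPA}
    guest = Guest(host, vm_key=b"per-VM-key-never-seen-by-host")
    guest.write(SECRET_GPA, SECRET)
    guest.write(BUF_GPA, b"HTTP 200 OK")

    # 1. Snooping alone: the hypervisor reads RAM and gets only ciphertext.
    snooped = host.ram[SECRET_HPA]
    # 2. Remap: point the web server's response buffer at the secret's page.
    host.remap(BUF_GPA, SECRET_HPA)
    # 3. The in-guest web server serves "its" buffer, decrypting with its key.
    try:
        served = guest.read(BUF_GPA).rstrip(b"\0")
    except PermissionError:
        served = None
    return snooped, served


def sev_snooping_is_ciphertext() -> bool:
    return scenario(False)[0] != SECRET.ljust(PAGE, b"\0")


def sev_leaks_via_guest_service() -> bool:
    return scenario(False)[1] == SECRET


def rmp_blocks_remap() -> bool:
    return scenario(True)[1] is None


if __name__ == "__main__":
    print("snooping sees plaintext:", not sev_snooping_is_ciphertext())
    print("remap + web server leaks secret:", sev_leaks_via_guest_service())
    print("RMP-style binding blocks it:", rmp_blocks_remap())
```

The model makes the post's point concrete: encryption alone defeats a passive snoop, and the leak needs both a hypervisor willing to rewrite mappings and a guest service that will read and emit the remapped page, which is why the thread treats it as a host-compromise scenario rather than a remote one.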
 
This "newly discovered vulnerability" is nothing new. People have been circumventing guest isolation and penetrating the host.

With Parallels Virtuozzo containers you can go up the chain of command to infiltrate the host.

More examples here https://en.wikipedia.org/wiki/Virtual_machine_escape
 
Someone correct me if I'm wrong, is this related to the recent CTS thing? Seems along the same lines.
It is... but it is also valid in the same sense as the CTS vulnerabilities are. The feature being bypassed was designed to stop malicious hypervisors, and Intel's security researcher managed to find a way around it. And this was published with a degree of separation, same as CTS.
 