AMD EPYC Secure Encrypted Virtualization Not So Secure: Researchers

XiGMAKiD · May 28, 2018

silentbogo said:
There's one more thing that looks suspicious.
Their paper is pretty much a slightly modified copycat of this one, published by members of Tangram Technologies from Shanghai back in December.

https://arxiv.org/ftp/arxiv/papers/1712/1712.05090.pdf

Their team lead, ZhaoHui Du, is very notable for being an Intel researcher and software engineer for almost 18 years. It's not a red flag by any means, but considering that Tangram was founded in 2017, it raises some concerns and suspicions.

Intel just wanted to make sure Epyc are safe for customer so they can use it to replace Xeon :roll:

BorgOvermind · May 29, 2018

Assimilator said:
While it's great that we're finally getting real security people looking at CPUs, it's terrifying that the manufacturers themselves never did this due diligence.

They look but they don't tell.

That's how intel and seagate got away with complete spy programs until Kas revealed them.

medi01 · May 29, 2018

"Admins can do evil things"
Totally not FUD campaign against AMD, who is thrashing Intel on multicore front.

Fx · May 29, 2018

jango_k said:
They are REPLACING the host hypervisor with a new one which is specifically allowed to snoop in the memory accesses. And they still need a VM on the same host to be a web server of allow other kind of memory access to the same ram as the target VM. This cannot be done in a datacenter without collusion with IT administrators from the whole chain of command.
Blaming the manufacturer because the product does not behave the same after the user flashes a new bios is unfathomable.
Even CTS Labs would not stoop so low as to report this a vulnerability.

Exactly. I called BS before I even read it. Sure enough, yet another "vulnerability" when someone has direct access to the servers.

remixedcat · May 29, 2018

This "newly discovered vulnerability" is nothing new. People have been circumventing penetrating to the host.

With Parallels virtuozzo containers you can go up the chain of command to infiltrate the host.

More examples here https://en.wikipedia.org/wiki/Virtual_machine_escape

lexluthermiester · May 30, 2018

Someone correct me if wrong, this is related to the recent CTS thing? Seems along the same lines..

Patriot · May 30, 2018

lexluthermiester said:
Someone correct me if wrong, this is related to the recent CTS thing? Seems along the same lines..

It is... But also valid in the same sense as the cts vulnerabilities are. The feature being bypassesed was designed to stop malicious hypervisors, Intel's security researcher managed to find a way around it. And this was published with a degree of separation same as cts.

System Name	Skypas
Processor	Intel Core i7-6700
Motherboard	Asus H170 Pro Gaming
Cooling	Cooler Master Hyper 212X Turbo
Memory	Corsair Vengeance LPX 16GB
Video Card(s)	MSI GTX 1060 Gaming X 6GB
Storage	Corsair Neutron GTX 120GB + WD Blue 1TB
Display(s)	LG 22EA63V
Case	Corsair Carbide 400Q
Power Supply	Seasonic SS-460FL2 w/ Deepcool XFan 120
Mouse	Logitech B100
Keyboard	Corsair Vengeance K70
Software	Windows 10 Pro (to be replaced by 2025)

System Name	M3401 notebook
Processor	5600H
Motherboard	NA
Memory	16GB
Video Card(s)	3050
Storage	500GB SSD
Display(s)	14" OLED screen of the laptop
Software	Windows 10
Benchmark Scores	3050 scores good 15-20% lower than average, despite ASUS's claims that it has uber cooling.

Processor	Ryzen 2600x
Motherboard	ASUS ROG Strix X470-F Gaming
Cooling	Noctua
Memory	G.SKILL Flare X Series 16GB DDR4 3466
Video Card(s)	EVGA 980ti FTW
Storage	(OS)Samsung 950 Pro (512GB), (Data) WD Reds
Display(s)	24" Dell UltraSharp U2412M
Case	Fractal Design Define R5
Audio Device(s)	Sennheiser GAME ONE
Power Supply	EVGA SuperNOVA 650 P2
Mouse	Mionix Castor
Keyboard	Deck Hassium Pro
Software	Windows 10 Pro x64

System Name	RemixedBeast-NX
Processor	Intel Xeon E5-2690 @ 2.9Ghz (8C/16T)
Motherboard	Dell Inc. 08HPGT (CPU 1)
Cooling	Dell Standard
Memory	24GB ECC
Video Card(s)	Gigabyte Nvidia RTX2060 6GB
Storage	2TB Samsung 860 EVO SSD//2TB WD Black HDD
Display(s)	Samsung SyncMaster P2350 23in @ 1920x1080 + Dell E2013H 20 in @1600x900
Case	Dell Precision T3600 Chassis
Audio Device(s)	Beyerdynamic DT770 Pro 80 // Fiio E7 Amp/DAC
Power Supply	630w Dell T3600 PSU
Mouse	Logitech G700s/G502
Keyboard	Logitech K740
VR HMD	Linktr.ee/remixedcat // for my music ♡♡
Software	Linux Mint 20
Benchmark Scores	Network: APs: Ubiquiti Unifi AP-AC-LR and Lite Router/Sw:Meraki MX64 MS220-8P

System Name	[H]arbringer
Processor	4x 61XX ES @3.5Ghz (48cores)
Motherboard	SM GL
Cooling	3x xspc rx360, rx240, 4x DT G34 snipers, D5 pump.
Memory	16x gskill DDR3 1600 cas6 2gb
Video Card(s)	blah bigadv folder no gfx needed
Storage	32GB Sammy SSD
Display(s)	headless
Case	Xigmatek Elysium (whats left of it)
Audio Device(s)	yawn
Power Supply	Antec 1200w HCP
Software	Ubuntu 10.10
Benchmark Scores	http://valid.canardpc.com/show_oc.php?id=1780855 http://www.hwbot.org/submission/2158678 http://ww

AMD EPYC Secure Encrypted Virtualization Not So Secure: Researchers

XiGMAKiD

BorgOvermind

medi01

Fx

remixedcat

lexluthermiester

Patriot