Apr 18th, 2025 15:13 EDT

News Posts matching #SEV

You Can Now Jailbreak Your AMD Zen1-Zen4 CPU Thanks to the Latest Vulnerability

Google security researchers have published comprehensive details on "EntrySign," a significant vulnerability affecting all AMD Zen processors through Zen 4. The flaw allows attackers with local administrator privileges to install custom microcode updates on affected CPUs, bypassing AMD's cryptographic verification system. The vulnerability stems from AMD's use of AES-CMAC as a hash function in its signature verification process—a critical cryptographic error. CMAC is designed as a message authentication code, not a secure hash function. The researchers discovered that AMD had been using a published example key from NIST documentation since Zen 1, allowing them to forge signatures and deploy arbitrary microcode modifications. These modifications can alter CPU behavior at the most fundamental level, enabling sophisticated attacks that persist until the next system reboot.

Google's security team has released "zentool," an open-source jailbreak toolkit that lets researchers create, sign, and deploy custom microcode patches on vulnerable processors. The toolkit includes microcode disassembly, patch authoring with limited assembly support, and cryptographic signing functions. As a proof of concept, the researchers modified the RDRAND instruction to consistently return predetermined values, effectively compromising the CPU's random number generation. AMD has issued microcode updates that replace the compromised validation routine with a custom secure hash function. The patches also use the AMD Secure Processor to update the validation routine before the x86 cores can process potentially tampered microcode. While the attack requires local administrator access and does not persist across power cycles, it poses significant risks to confidential computing environments that rely on technologies such as SEV-SNP and DRTM. The researchers noted that their findings could enable further CPU security research beyond exploit development, potentially allowing new security features to be implemented on AMD processors in the way comparable techniques have enabled them on Intel processors.

AMD Discusses EPYC's "No Compromise" Driving of Performance and Efficiency

One of the main pillars that vendors of Arm-based processors often cite as a competitive advantage over x86 processors is a keen focus on energy efficiency and predictability of performance. In the quest for higher efficiency and performance, Arm vendors have largely designed out the ability to run multiple threads concurrently, a capability that most enterprise-class CPUs have offered for years under the name "SMT" and that was itself created in the name of performance and efficiency benefits.

Arm vendors often claim that SMT brings security risks, creates performance unpredictability from shared resource contention and drives added cost and energy needed to implement SMT. Interestingly, Arm does support multi-threading in its Neoverse E1-class processor family for embedded uses such as automotive. Given these incongruities, this blog intends to provide a bit more clarity to help customers assess what attributes of performance and efficiency really bring them value for their critical workloads.

AMD "Zen 1" to "Zen 4" Processors Affected by Microcode Signature Verification Vulnerability

Google's Security Research team has published its latest research on a fundamental flaw in the microcode patch verification system of AMD processors from "Zen 1" through "Zen 4". The vulnerability stems from an inadequate hash function in the CPU's signature validation process for microcode updates. It enables attackers with local administrator privileges (ring 0 from outside a VM) to inject malicious microcode patches, potentially compromising AMD SEV-SNP-protected confidential computing workloads and Dynamic Root of Trust Measurement systems. Google disclosed the high-severity issue to AMD on September 25, 2024; AMD released an embargoed fix to customers on December 17, 2024, and public disclosure followed on February 3, 2025. Because of the complexity of supply chain dependencies and remediation requirements, comprehensive technical details are being withheld until March 5, 2025, giving organizations time to implement the necessary security measures and re-establish trust in their confidential compute environments.

AMD has released comprehensive mitigations through AGESA firmware updates across its entire EPYC server processor lineup, from the first-generation Naples to the latest Genoa-X and Bergamo architectures. The fix for CVE-2024-56161, rated high severity at 7.2, introduces critical microcode updates: Naples B2 processors require uCode version 0x08001278, Rome B0 systems need 0x0830107D, while Milan and Milan-X variants require versions 0x0A0011DB and 0x0A001244 respectively. For the latest Genoa-based systems, including Genoa-X and Bergamo/Siena variants, the required microcode versions are 0x0A101154, 0x0A10124F, and 0x0AA00219. These updates implement protections across all SEV security features (SEV, SEV-ES, and SEV-SNP) while introducing new restrictions on microcode hot-loading to prevent future exploitation attempts.
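To turn the required microcode versions above into a check an administrator can run, here is an added Python example (not from the article and not an AMD tool): it reads the `microcode` field from `/proc/cpuinfo`-style text and compares it with the minimum listed for each EPYC generation. It assumes that the upper three bytes of an AMD microcode patch level identify the target processor and so can serve as the lookup key, and the `/proc/cpuinfo` excerpts it runs on are constructed, not captured from real hosts.

```python
import re

# Minimum uCode versions listed in the article for CVE-2024-56161, per EPYC generation.
REQUIRED_UCODE = {
    "Naples B2": 0x08001278,
    "Rome B0": 0x0830107D,
    "Milan": 0x0A0011DB,
    "Milan-X": 0x0A001244,
    "Genoa": 0x0A101154,
    "Genoa-X": 0x0A10124F,
    "Bergamo/Siena": 0x0AA00219,
}

def parse_microcode(cpuinfo_text):
    """Return the loaded patch level from the first 'microcode' line of /proc/cpuinfo text."""
    m = re.search(r"^microcode\s*:\s*(0x[0-9a-fA-F]+)", cpuinfo_text, re.MULTILINE)
    if m is None:
        raise ValueError("no 'microcode' line found in cpuinfo text")
    return int(m.group(1), 16)

def assess(loaded):
    """Return (status, generation, required) for a loaded patch level.

    Assumption: the upper three bytes of an AMD patch level identify the target
    processor (family/model/stepping) and select the table row; only the low
    byte is a revision counter that must reach the published minimum.
    """
    for generation, required in REQUIRED_UCODE.items():
        if loaded >> 8 == required >> 8:
            status = "patched" if loaded >= required else "vulnerable"
            return status, generation, required
    return "unknown", None, None  # processor not covered by the table above

# Constructed /proc/cpuinfo excerpts (not captured from real hosts).
SAMPLE_GENOA_PATCHED = (
    "model name\t: AMD EPYC 9654 96-Core Processor\n"
    "microcode\t: 0xa101154\n"
)
SAMPLE_MILAN_OLD = (
    "model name\t: AMD EPYC 7763 64-Core Processor\n"
    "microcode\t: 0xa0011d1\n"
)

if __name__ == "__main__":
    for text in (SAMPLE_GENOA_PATCHED, SAMPLE_MILAN_OLD):
        level = parse_microcode(text)
        print(f"{level:#010x}: {assess(level)}")
```

On a real host, feed it the contents of `/proc/cpuinfo`; an "unknown" result means the loaded patch level does not match any EPYC generation in the article's table, not that the system is safe.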

AMD EPYC CPUs Affected by CacheWarp Vulnerability, Patches are Already Available

Researchers at Graz University of Technology and the Helmholtz Center for Information Security have released their paper on CacheWarp, the latest vulnerability affecting some prior-generation AMD EPYC CPUs. Tracked as CVE-2023-20592, the exploit targets first-generation EPYC Naples, second-generation EPYC Rome, and third-generation EPYC Milan. CacheWarp exploits a weakness in AMD's Secure Encrypted Virtualization (SEV) technology, specifically targeting the SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging) versions. The attack is a software-based fault injection technique that manipulates the cache of a virtual machine (VM) running under SEV: it forces modified cache lines of the guest VM to revert to their previous state. This circumvents the integrity checks that SEV-SNP is designed to enforce, allowing the attacker to inject faults without being detected.

Unlike attacks that rely on specific guest VM vulnerabilities, CacheWarp is more versatile and dangerous because it does not depend on the characteristics of the targeted VM. It exploits underlying architectural weaknesses of AMD SEV, making it a broad threat to systems that rely on the technology for security. The attack can bypass security measures such as encrypted virtualization, posing a significant risk to data confidentiality and integrity in secure computing environments. AMD has issued an update for EPYC Milan as a hot-loadable microcode patch and an updated firmware image, with no performance degradation expected. For the first and second generations (Naples and Rome), AMD states that no mitigation is available, since SEV and SEV-ES are not designed to protect guest VM memory integrity and SEV-SNP is not available on them.

AMD Shares Technical Details of Secure Encrypted Virtualization Technology

AMD has published the source code for AMD Secure Encrypted Virtualization (SEV) technology, the backbone of AMD EPYC processor-based confidential computing virtual machines (VMs) available from cloud service providers including Amazon Web Services (AWS), Google Cloud, Microsoft Azure and Oracle Compute Infrastructure (OCI). This release from AMD will drive greater transparency for the security industry and provide customers the opportunity to thoroughly review the technology behind confidential computing VMs powered by AMD EPYC processors.

"As a leader in confidential computing, we are committed to a relentless pursuit of innovation and creating modern security features that complement our ecosystem partners' most advanced cloud offerings," said Mark Papermaster, executive vice president and chief technology officer, AMD. "By sharing the underpinnings of our SEV technology, we are delivering transparency for confidential computing and demonstrating our dedication to open source. Involving the open-source community will further strengthen this critical technology for our partners and customers who expect nothing less than the utmost protection for their most valuable asset - their data."