AMD Epyc encryption for virtual machines can be circumvented
Researchers at Fraunhofer AISEC have developed a method to bypass the Secure Encrypted Virtualization protection of AMD’s Epyc processors, which allows them to extract data from the RAM of a virtual machine.
The researchers call their attack SEVered and claim that a malicious hypervisor can use it to extract the entire contents of a virtual machine’s working memory in plaintext. To do so, they bypass Secure Encrypted Virtualization (SEV), the hardware memory encryption of AMD’s Epyc processors for data center systems.
SEV is intended to protect the memory of a virtual machine against outside access, including by the hypervisor, by encrypting it. Each virtual machine is assigned its own memory space identifier, which is associated with a cryptographic key stored in the AMD Secure Processor. That key is used to encrypt and decrypt the virtual machine’s data.
According to the researchers, AMD’s method lacks sufficient integrity protection, and part of the memory mapping is controlled by the hypervisor. “This allows us to customize the memory layout of the virtual machine in the hypervisor,” the researchers write. As a result, a service running inside the virtual machine, such as a web server, can be made to return arbitrary pages of the virtual machine’s memory in plaintext to the outside. By repeating this and remapping the pages each time, they can read out the entire memory of a virtual machine.
The Fraunhofer researchers demonstrated their method on a system with an AMD Epyc 7251 processor running Debian, with the Apache web server and OpenSSH in separate virtual machines. With the SEVered attack they managed to extract 2GB from a virtual machine. According to the researchers, AMD could defend against the attack by improving integrity protection, which comes at a high cost. A cheaper but less secure option would be to combine hashes of pages.
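As an added illustration (not code from the Fraunhofer paper or from AMD’s implementation), the following Python toy models the weakness described above: memory is encrypted with a per-VM key, but the guest-to-host page mapping is hypervisor-controlled and the ciphertext carries no integrity binding, so a remapped page decrypts cleanly and the guest’s web server hands out another page’s plaintext; the `with_integrity` variant adds a tag bound to the guest-physical page number, the kind of integrity protection the researchers name as the (costly) fix. The page size, frame numbers, keystream construction and sample page contents are all constructed assumptions.

```python
import hashlib
import hmac
import os

PAGE = 32  # toy page size in bytes (constructed; not a real SEV parameter)
VM_KEY = os.urandom(32)  # per-VM key, held by the simulated secure processor

def _keystream(host_frame: int) -> bytes:
    # Keystream tied to the host frame only: the hardware decrypts a frame the
    # same way no matter which guest page currently maps to it.
    return hashlib.sha256(VM_KEY + host_frame.to_bytes(8, "big")).digest()[:PAGE]

def encrypt_page(plain: bytes, host_frame: int) -> bytes:
    # Unauthenticated XOR "encryption": confidentiality only, no integrity.
    return bytes(a ^ b for a, b in zip(plain.ljust(PAGE, b"\0"), _keystream(host_frame)))

decrypt_page = encrypt_page  # XOR with the keystream is its own inverse

def page_tag(guest_page: int, plain: bytes) -> bytes:
    # Mitigation variant: an integrity tag bound to the guest-physical page number.
    return hmac.new(VM_KEY, guest_page.to_bytes(8, "big") + plain, "sha256").digest()

class SevVm:
    """Guest with two pages: 0 = public web content, 1 = a constructed secret."""

    def __init__(self, with_integrity: bool):
        self.with_integrity = with_integrity
        plain = {0: b"public index.html", 1: b"SECRET SSH KEY"}  # guest page -> data
        self.npt = {0: 100, 1: 200}  # guest page -> host frame; owned by the hypervisor
        self.ram = {self.npt[g]: encrypt_page(p, self.npt[g]) for g, p in plain.items()}
        # Tags are assumed to live in storage the hypervisor cannot modify.
        self.tags = {g: page_tag(g, p.ljust(PAGE, b"\0")) for g, p in plain.items()}

    def guest_read(self, guest_page: int):
        """Return the page's plaintext, or None if the integrity check rejects it."""
        frame = self.npt[guest_page]
        plain = decrypt_page(self.ram[frame], frame)
        if self.with_integrity and not hmac.compare_digest(
                self.tags[guest_page], page_tag(guest_page, plain)):
            return None  # tag mismatch: the page was remapped, refuse to serve it
        return plain.rstrip(b"\0")

    def serve_public_page(self):
        return self.guest_read(0)  # the web server only ever intends to return page 0

    def hypervisor_remap(self, guest_page: int, host_frame: int) -> None:
        self.npt[guest_page] = host_frame  # the nested page table is hypervisor-controlled
```

Without the tag, remapping guest page 0 onto the secret’s host frame makes `serve_public_page()` return the secret; with the tag, the same remap is detected and nothing is served.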