One Article Review

Source: Google Project Zero
Identifier: 8221930
Publication date: 2022-06-08 14:08:01 (viewed: 2022-11-25 18:05:33)
Title: Release of Technical Report into the AMD Security Processor
Text:

Posted by James Forshaw, Google Project Zero

Today, members of Project Zero and the Google Cloud security team are releasing a technical report on a security review of the AMD Secure Processor (ASP). The ASP is an isolated ARM processor in AMD EPYC CPUs that adds a root of trust and controls secure system initialization. Because it is a general-purpose processor, AMD can add further security features to its firmware, but as with all complex systems, those features may themselves have security issues that could compromise the security of everything under the ASP's management.

The review covered the implementation of the ASP on 3rd Gen AMD EPYC CPUs (codenamed "Milan"). One ASP feature of particular interest to Google is Secure Encrypted Virtualization (SEV), which encrypts the memory used by virtual machines running on the CPU. This matters for Confidential Computing because it protects customer cloud data in use, not just at rest or in transit across a network. A particular emphasis of the review was the Secure Nested Paging (SNP) extension to SEV added in "Milan"; SNP aims to further improve the security of confidential computing by adding integrity protection and mitigations for numerous side-channel attacks.

The review was undertaken with AMD's full cooperation: the team was granted access to the ASP source code and to production samples for testing hardware attacks. The review discovered 19 issues, which AMD has fixed and disclosed in public security bulletins. These issues ranged from incorrect use of cryptography to memory corruption in the ASP firmware. The report describes some of the more interesting issues uncovered during the review, provides background on the ASP, and explains the process the team followed to find security issues. You can read more about the review on the Google Cloud security blog and in the final report.

