[HN Gopher] AMD's trusted execution environment blown wide open ...
       ___________________________________________________________________
        
       AMD's trusted execution environment blown wide open by new BadRAM
       attack
        
       Author : alecco
       Score  : 50 points
       Date   : 2024-12-10 20:59 UTC (2 hours ago)
        
 (HTM) web link (arstechnica.com)
 (TXT) w3m dump (arstechnica.com)
        
       | quantified wrote:
       | The explanation paints a picture of an elegant hack.
        
       | nimbius wrote:
       | "The BadRAM attack - which does require physical access to
       | hardware"
       | 
        | So... academically "blown wide open", but for anyone with cogent
        | opsec, probably not the end of the world.
        
         | ngdasfwkj wrote:
          | The TEE also "protects" parties trusted by the manufacturer
          | from the owner.
        
         | pclmulqdq wrote:
         | Physical access is one of the things that a trusted execution
         | environment is supposed to protect against. It's one of the
         | major reasons to use a TEE instead of just normal VM isolation.
        
         | fweimer wrote:
          | The whole feature is advertised as something hypervisor
          | operators can use to show customers that their data and code are
          | safe from interference by these operators. Basically, it's
         | about separating physical access to the hardware from access to
         | the computation that occurs on the hardware, and the data that
         | is processed there. This means that such attacks are relevant
         | for once.
         | 
         | I have my doubts whether this can ever work reliably. It seems
         | risky to bet a lot of infrastructure investment on the fact
         | that attacks like this one (or even better ones) do not happen.
          | But the entire hypervisor business has the same structural
          | problem (a bad CPU bug like the T-Head C910 vector issue could
          | turn your hypervisor fleet into very expensive single-tenant
          | machines overnight), and yet here we are ...
        
         | cwillu wrote:
         | The entire point is to protect against those (like the owner of
         | the hardware) who have physical access.
        
       | trebligdivad wrote:
       | That's quite neat; SNP has a pretty complex system for avoiding
       | multiple mappings (the RMP aka Reverse Map Table); this nicely
       | walks around it :-)
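        The comment above describes the RMP as SNP's defence against a page
        being mapped more than once. The toy model below is an added
        illustration, not code from this thread, the linked article or AMD:
        it shows what a reverse-map check keyed on the system physical
        address can and cannot see. The check does stop a second guest from
        claiming a page it already tracks, but it has no view of what lies
        below the address: if two system physical addresses are backed by the
        same DRAM storage (the aliasing that BadRAM introduces, per the linked
        article rather than this thread), each alias is a distinct page to the
        RMP and the single-owner invariant holds only on paper. The class
        names, the 4 KiB granularity and the sample layout (four advertised
        pages, three real ones, page 3 aliasing page 1) are constructed
        assumptions. It also includes a defender-side alias probe: write
        distinct patterns through both addresses and see whether one write
        overwrote the other.

```python
"""Toy model of a reverse-map ownership check and its blind spot below the
address level. Added example; not the thread's, the article's or AMD's code.
PAGE, Rmp, AliasedDram and the memory layout are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, Optional

PAGE = 4096  # assumption: 4 KiB pages, one reverse-map entry per page


@dataclass
class Rmp:
    """One entry per system-physical page: which guest owns it, if any."""
    owner: Dict[int, int] = field(default_factory=dict)  # page number -> guest id

    def assign(self, spa: int, guest: int) -> bool:
        """Give a page to a guest; refuse if another guest already owns it."""
        page = spa // PAGE
        if page in self.owner and self.owner[page] != guest:
            return False  # the check the comment describes: no double mapping
        self.owner[page] = guest
        return True


class AliasedDram:
    """Storage addressed by system physical address (SPA). `alias` maps an
    advertised page onto the page whose cells actually back it, so two SPAs
    can name one storage location without the Rmp ever noticing."""

    def __init__(self, cells: int, alias: Optional[Dict[int, int]] = None):
        self.cells = bytearray(cells)
        self.alias = alias or {}

    def _cell(self, spa: int) -> int:
        page, off = divmod(spa, PAGE)
        page = self.alias.get(page, page)  # translate an alias to its real page
        return page * PAGE + off

    def write(self, spa: int, data: bytes) -> None:
        for i, b in enumerate(data):
            self.cells[self._cell(spa + i)] = b

    def read(self, spa: int, n: int) -> bytes:
        return bytes(self.cells[self._cell(spa + i)] for i in range(n))


def detect_alias(dram: AliasedDram, spa_a: int, spa_b: int, n: int = 8) -> bool:
    """Defender-side probe: two addresses share storage if a write through one
    shows up through the other. Original contents are restored afterwards."""
    saved_a, saved_b = dram.read(spa_a, n), dram.read(spa_b, n)
    try:
        dram.write(spa_a, b"\xaa" * n)
        dram.write(spa_b, b"\x55" * n)
        return dram.read(spa_a, n) == b"\x55" * n  # b's write clobbered a?
    finally:
        dram.write(spa_b, saved_b)
        dram.write(spa_a, saved_a)


def scenario() -> dict:
    """Constructed layout: four advertised pages, three real; page 3 is a
    second name for page 1. Returns what the RMP decided and what the probe saw."""
    rmp = Rmp()
    dram = AliasedDram(cells=3 * PAGE, alias={3: 1})
    victim, other = 1, 2
    first = rmp.assign(1 * PAGE, victim)
    second = rmp.assign(1 * PAGE, other)      # same page: correctly refused
    via_alias = rmp.assign(3 * PAGE, other)   # alias: looks like a fresh page
    dram.write(1 * PAGE, b"secret")           # victim writes through its page
    return {
        "victim_assigned": first,
        "same_page_refused": not second,
        "alias_page_accepted": via_alias,
        "alias_sees_victim_data": dram.read(3 * PAGE, 6) == b"secret",
        "alias_detected": detect_alias(dram, 1 * PAGE, 3 * PAGE),
        "distinct_pages_alias": detect_alias(dram, 0, 2 * PAGE),
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

        The point of the model is the pair of results `same_page_refused`
        and `alias_page_accepted`: the reverse map does exactly what it is
        specified to do, and still ends up with two guests sharing storage.
        The probe in `detect_alias` is the kind of check a platform owner or
        firmware would have to run against the memory configuration itself,
        since no amount of address-level bookkeeping can reveal the alias.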
        
       ___________________________________________________________________
       (page generated 2024-12-10 23:00 UTC)