Virtualization Technology News and Information
AMD Releases Firmware Update To Address SEV Vulnerability


A new security vulnerability has been found in AMD's Secure Encrypted Virtualization (SEV): its cryptographic implementation was insecure. The vulnerability was discovered by Cfir Cohen of the Google Cloud security team and carries the designation CVE-2019-9836. Fortunately, it has been addressed by a firmware update.

What's affected?

AMD EPYC server platforms (codename "Naples") running SEV firmware version 0.17 build 11 and below.

An AMD representative responded, saying:

"At AMD, security remains a top priority and we continue to work to identify any potential risks for our customers. Through ongoing collaboration with industry researchers AMD became aware that, if using the user-selectable AMD secure encryption feature on a virtual machine running the Linux operating system, an encryption key could be compromised by manipulating the encryption technology's behavior.  AMD released firmware-based cryptography updates to our ecosystem partners and on the AMD website to remediate this risk."

AMD Secure Encrypted Virtualization (SEV) is a hardware memory encryption feature that protects guest virtual machines from the hypervisor.  It does so by providing confidentiality guarantees at run-time and remote attestation at launch. SEV key management code runs inside the Platform Security Processor (PSP). 

The SEV elliptic-curve cryptography (ECC) implementation was found to be vulnerable to an invalid-curve attack. During the launch-start command, an attacker can send small-order ECC points that do not lie on the official NIST curves and force the SEV firmware to multiply such a point by its private Diffie-Hellman (DH) scalar.

Each such multiplication leaks a residue of the private scalar modulo the point's small order. By collecting enough of these modular residues, an attacker can recover the complete PDH (platform Diffie-Hellman) private key. With the PDH key, the attacker can recover the session key and the VM's launch secret, which breaks the confidentiality guarantees offered by SEV.

AMD has released a firmware update that patches this issue. The fix is included in SEV firmware version 0.17 build 22, which AMD rolled out to its OEM partners for firmware updates on June 4th. AMD also advises users who have deployed SEV on their critical systems to contact their platform vendors for the corresponding updates.

Published Thursday, June 27, 2019 3:42 PM by David Marshall