Modern CPUs are composed of many different components and therefore require a high degree of interconnectivity between them. This task is handled by internal routing networks. These networks are hugely important for the CPU to function correctly and performantly. Unfortunately for researchers, they are also not documented in depth, which makes investigating their impact on the security of different CPU features difficult.
Among these features common on modern (server) CPUs are hardware-assisted trusted execution environments (TEEs), which aim to provide the user with confidential computing primitives. Such deployments are gaining popularity in cloud computing.
In this talk, we examine and reverse engineer crucial aspects of two of these routing components on AMD’s Zen platform, as well as their initialization and configuration. Our findings lead us to a novel attack class against AMD’s TEE technology SEV-SNP. We demonstrate two concrete attacks against this technology, both of which completely undermine the guarantees of SEV-SNP.
Chris is a PhD student at ETH Zürich, focusing on system level security and confidential computing. He also plays CTF with Flagbot & Organizers.
Benedict is a fourth-year PhD student at ETH Zurich, advised by Prof. Shweta Shinde. His research focuses on novel system-level perspectives on confidential computing technologies, with a focus on building and breaking things.