Voltage manipulation can bypass hardware security on AMD's server CPUs

CyberTech

Nov 10, 2017
Why it matters: Researchers from the Technische Universität Berlin have demonstrated that AMD's Secure Encrypted Virtualisation (SEV) technology can be defeated by manipulating input voltages, compromising the technology in a similar way to previous attacks against its Intel counterpart.

SEV relies on the Secure Processor (SP), a humble Arm Cortex-A5, to provide a root of trust in AMD EPYC CPUs (Naples, Rome and Milan -- Zen 1 through 3).

The research paper -- toting the amusing-yet-wordy title of "One Glitch to Rule Them All: Fault Injection Attacks Against AMD’s Secure Encrypted Virtualization" -- describes how an attacker could compromise the SP to retrieve encryption keys or execute arbitrary code.

"By manipulating the input voltage to AMD systems on a chip (SoCs), we induce an error in the read-only memory (ROM) bootloader of the AMD-SP, allowing us to gain full control over this root-of-trust."

The rest

Gandalf_The_Grey

Apr 24, 2016
AMD and researchers spar over shocking attack's real-world dangers
Hypothetical threat, or concrete danger?

What you need to know
  • Researchers have exposed a vulnerability with AMD SEV (Secure Encrypted Virtualization).
  • In response, AMD has cast doubt on the real-world implications of the discovery, citing physical logistical hurdles for threat actors.
  • The researchers have responded, disputing the existence of said hurdles.

In one of the more tech-savvy, inside-baseball bits of news to crop up recently, AMD and a group of researchers have begun something of a sparring match, going back and forth over whether AMD SEV (Secure Encrypted Virtualization) has just had a dangerous vulnerability exposed or if nothing more than inconsequential hypotheticals have been presented.

Here's the idea behind SEV (based on how AMD is positioning it): It's meant to safeguard virtual machine data in the cloud so that admins can't go wild and cause chaos. However, in a research paper entitled "One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization," researchers shine a spotlight on where SEV can be compromised (via The Register).

"By manipulating the input voltage to AMD systems on a chip (SoCs), we induce an error in the read-only memory (ROM) bootloader of the AMD-SP, allowing us to gain full control over this root-of-trust," the paper says. "This type of attack is commonly referred to as voltage fault injection attacks."

AMD replied that this is not a remote attack scenario, casting doubt over the real-world utility of the attack. However, the researchers came back with a statement. When speaking to TechRadar Pro, Robert Buhren, one of the paper's authors, pointed out that "no physical tampering with machines in the data center is required" and that the threat posed by a voltage fault injection attack is very much real.

Furthermore, Buhren highlighted that the vulnerability being unrelated to firmware means that firmware updates can't stop it, making it even more dangerous. AMD has yet to publicly reply to the updated researcher response.