American Programmers Independent, LLC.

When you want something done, call API


VMs on AMD EPYC server platforms compromised

Posted on July 31, 2019 by John Nash

AMD hardware that provides some encryption for virtual machines raises a potential concern for those expecting their VMs to be absolutely insulated.

This just in via email from Feisty Duck TLS News <newsletter@feistyduck.com>:

AMD-SEV: Platform DH key recovery via invalid curve attack (CVE-2019-9836)


From: Cfir Cohen via Fulldisclosure <fulldisclosure () seclists org>
Date: Tue, 25 Jun 2019 10:00:27 -0700

LINK: https://seclists.org/fulldisclosure/2019/Jun/46


Affected products
=================
AMD EPYC server platforms (codename “Naples”) running SEV firmware version 0.17 build 11 and below are affected.

Overview
========
AMD Secure Encrypted Virtualization (SEV) is a hardware memory encryption feature. SEV protects guest virtual machines from the hypervisor, provides confidentiality guarantees at runtime and remote attestation at launch time. See [1] for details. SEV key management code runs inside the Platform Security Processor (PSP) [2].

The SEV elliptic-curve (ECC) implementation was found to be vulnerable to an invalid curve attack. At launch-start command, an attacker can send small order ECC points not on the official NIST curves, and force the SEV firmware to multiply a small order point by the firmware’s private DH scalar. By collecting enough modular residues, an attacker can recover the complete PDH private key. With the PDH, an attacker can recover the session key and the VM’s launch secret. This breaks the confidentiality guarantees offered by SEV.

Copyright © 2019 American Programmers Independent, LLC. - All Rights Reserved Worldwide