AMD SEV enables creating a trusted encrypted VM where the memory of the whole VM is encrypted using cryptographic keys and features on the CPU and thus not visible to the cloud provider (in theory if there is no collusion between the chip provider, hypervisor and cloud providers).
- Since the whole VM RAM is encrypted, if there are two users A and B logged onto the same secure VM (e.g. SSH) is user A (e.g. with root privileges) able to dump the content of the VM memory and this way to reveal the content of the B's data in use which is processed in that VM (RAM for both users should be encrypted with the same key)?
- If the answer to 1. is yes, then: virtualization software provides a console access to the VMs which allows cloud provider to operate the VMs. Is this then the way cloud provider can have the access to the encrypted VM and see the users data in memory and bypass the protection? How can the user of the secure VM be sure that there is no such side entry into his/her VM?