3

AMD SEV enables creating a trusted encrypted VM where the memory of the whole VM is encrypted using cryptographic keys and features on the CPU and thus not visible to the cloud provider (in theory if there is no collusion between the chip provider, hypervisor and cloud providers).

  1. Since the whole VM RAM is encrypted, if there are two users A and B logged onto the same secure VM (e.g. SSH) is user A (e.g. with root privileges) able to dump the content of the VM memory and this way to reveal the content of the B's data in use which is processed in that VM (RAM for both users should be encrypted with the same key)?
  2. If the answer to 1. is yes, then: virtualization software provides a console access to the VMs which allows cloud provider to operate the VMs. Is this then the way cloud provider can have the access to the encrypted VM and see the users data in memory and bypass the protection? How can the user of the secure VM be sure that there is no such side entry into his/her VM?
Maarten Bodewes
  • 4,562
  • 15
  • 29
Pavle V
  • 31
  • 2

1 Answers1

3

Yes. For the outside OS the data in the VM is encrypted but from the inside your OS is a "normal" OS where the data (RAM/disks) is unencrypted otherwise your guest OS won't be able to function.

Considering you need to interact with a VM using e.g. keyboard, mouse, LAN, image on the screen, COM ports I can imagine all those things can be tapped into and used to access your guest while bypassing encryption (you have to be able to otherwise your guest OS will exist in the absolute vacuum) which means it depends on your VM provider whether they are indeed exported or not.

Still, when your guest OS is properly configured it mustn't be possible to use these IO interfaces to interact with an encrypted VM underneath while bypassing authentication checks. Imagine the average locked PC/laptop/server: unless you disassemble it, you can only interact with it using its keyboard, mouse or network interfaces/services and all of them are normally properly secured.

Please check this answer as well.

Artem S. Tashkinov
  • 1,389
  • 5
  • 13
  • Hi @Artem, thanks for your answer. If you take a look at the demo in this talk (around 20 min): https://youtu.be/fBG_vsSS21U?t=1191 He was able to enable both virtual serial port (which can be none, but also a virtual console, pseudo tty, etc) and vnc connection to the SEV-ES secure VM. So, I guess related to your answer 2 - it seems that there is no restriction to do this. How can we be sure that such a thing is not implemented in secure VM? Is there a way to check this? – Pavle V Jul 04 '22 at 16:31
  • @PavleV when you say this I've realized it's totally possible considering a VM can have any kind of ports including COM/LPT(Parallel)/Mouse/Keyboard/GPU/LAN which all need to be unencrypted otherwise you'll get nothing but pure randomness inside/outside of the VM. IT looks like you either trust your VM provider or not. – Artem S. Tashkinov Jul 04 '22 at 17:02
  • For instance in my company we use several cloud providers and they give you console access. This console **still requires** you to authenticate using login/password. The biggest danger is that in the past cloud provider could circumvent all of these protections by simply accessing your HDD/RAM directly, or booting with `init=/bin/bash` and none of that is now possible with fully encrypted guests. Thank you for the question! – Artem S. Tashkinov Jul 04 '22 at 17:16