Researchers contradict AMD claims that SEV keys can't be extracted remotely

Image of padlock against circuit board/cybersecurity background
(Image credit: Future)

Security researchers have overruled claims from AMD that recent findings concerning the chip giant's security processes do not pose a real-world threat.

The Technische Universität (TU) Berlin's Security in Telecommunications group recently published a research paper that demonstrated a means to defeat AMD's SEV mechanism in a voltage fault injection attack they refer to as a glitching attack.

AMD said the report, which described means to extract encryption keys from Secure Encrypted Virtualization (SEV)-enabled CPUs, had little real-world implication since it requires physical access to a server.

Robert Buhren, one of the authors of the paper, contacted TechRadar Pro to dismiss AMD’s supposition, and instead claims that the attacker needs to have physical access to any arbitrary Epyc CPU, and not necessarily to the CPU that executes the targeted virtual machines (VM).

“A malicious admin could buy the CPU somewhere and use the extracted keys on systems in the data-center. IMHO, this makes the attack much more dangerous as no physical tampering with machines in the data center is required,” Buhren told us.

Real world implications

Further explaining the real-world implications of their research, Buhren adds that the attack they describe enables attackers to use keys extracted from one AMD Epyc CPU to attack VMs running on any other AMD CPU as long as it is based on the same microarchitecture.

“In our paper we specifically describe an attack scenario that allows an attacker to decrypt a SEV protected VM's memory without physical access to the system hosting the VM,” asserts Buhren.

Buhren further points to his team’s earlier research paper, in which they had published proof-of-concept (PoC) code, which enabled a malicious administrator to mount the kind of attack that’s described in their current research.  

The PoC shows how an attacker can use the keys from one AMD processor to extract a SEV-protected VM's memory inside a data center.

He explains that their most recent glitching attack makes it possible to extract details from all three generations of Zen CPUs, in essence enabling the PoC to work on all AMD processors that support SEV.

Even more worryingly, Buhren claims that since the glitching attack isn’t a firmware issue, it’ll work regardless of whether AMD publishes updated firmware or not.

AMD hasn’t yet responded to TechRadar Pro’s email requesting for comment on Buhren’s assertions. 

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.