Shaun Nichols, reporting for The Register: A group of German researchers have devised a method to thwart the VM security in AMD's server chips. Dubbed SEVered (PDF), the attack would potentially allow an attacker, or malicious admin who had access to the hypervisor, the ability to bypass AMD's Secure Encrypted Virtualization (SEV) protections.

The problem, say Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, is that SEV, which is designed to isolate VMs from the prying eyes of the hypervisor, doesn't fully isolate and encrypt the VM data within the physical memory itself.

Researchers Crack Open AMD's Server VM Encryption

  • I feel like some of these stories are like Bob's Home Security fails to protect you if your wife is a serial killer.

      Hey, Intel paid a lot of shekels for this very valuable research!

      "I feel like some of these stories are like Bob's Home Security fails to protect you if your wife is a serial killer."

      To an extent they are, but if you are using cloud providers, the other tenants and the monkeys at the cloud provider itself should all be considered potentially hostile.

      And even within companies there is this (legitimate) concept that everyone in IT shouldn't hold the keys to payroll, finance, HR, and the R&D trade secrets... so there are lots of scenarios where the people administering

  • If you have access to the hypervisor you already have full control over the guests even without this "exploit." Why is this considered a big deal exactly?

    • Consider it an incentive to not skimp on hypervisor programming.

      The problem, say Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, is that SEV, which is designed to isolate VMs from the prying eyes of the hypervisor, doesn't fully isolate and encrypt the VM data within the physical memory itself.

      I wonder if that's because doing so would incur too much of a performance penalty?

