Vulnerability in AMD SEV allowing encryption keys to be determined

Developers from the Google Cloud team have disclosed a vulnerability (CVE-2019-9836) in the implementation of AMD SEV (Secure Encrypted Virtualization) technology that allows data protected by this technology to be compromised. AMD SEV provides transparent, hardware-level encryption of virtual machine memory: only the current guest system has access to the decrypted data, while other virtual machines and the hypervisor receive encrypted data when they try to access this memory.

The identified problem allows complete recovery of the private PDH key, which is processed inside a separate protected processor, the PSP (AMD Security Processor), that is inaccessible to the main OS.
With the PDH key, the attacker can then recover the session key and the secret sequence specified when the virtual machine was created, and gain access to the encrypted data.

The vulnerability is caused by flaws in the implementation of the elliptic curves (ECC) used for encryption, which allow an attack that recovers the parameters of the curve. During execution of the command that starts a protected virtual machine, an attacker can send curve parameters that do not match the parameters recommended by NIST, which leads to low-order point values being used in multiplication operations with private key data.

The security of the ECDH protocol depends directly on the order of the curve's generated starting point, for which the discrete logarithm is a very hard problem. One of the AMD SEV environment initialization steps uses parameters received from the user in calculations involving the private key. In essence, an operation of multiplying two points is performed, one of which corresponds to the private key. If the second point has a low prime order, the attacker can determine the parameters of the first point (the bits of the modulus used in the modulo exponentiation operation) by enumerating all possible values. To determine the private key, the pieces recovered for the individual primes can then be combined using the Chinese remainder theorem.

AMD EPYC server platforms that use SEV firmware up to version 0.17 build 11 are affected. AMD has already published a firmware update that blocks the use of points that do not match the NIST curve. At the same time, previously generated certificates for PDH keys remain valid, which allows an attacker to carry out the attack by migrating virtual machines from environments protected against the vulnerability to environments that are still susceptible to it. The possibility of an attack that rolls the firmware back to an old vulnerable release is also mentioned, but this possibility has not yet been confirmed.
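The check the firmware update is described as adding, rejecting points that are not on the NIST curve, can be sketched as follows. This is an added example, not AMD's code and not part of the original article; the article names no specific NIST curve, so P-256 is assumed here, and the function names are hypothetical.

```python
# NIST P-256 domain parameters (public constants from FIPS 186-4).
# Assumption: the article names no specific NIST curve; P-256 stands in.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def implied_b(x, y):
    """Return the b of the curve y^2 = x^3 + A*x + b that (x, y) lies on."""
    return (y * y - x * x * x - A * x) % P


def double(pt):
    """Affine point doubling. The formula uses A but never B, so it cannot
    notice by itself that its input belongs to a different curve."""
    x, y = pt
    lam = (3 * x * x + A) * pow(2 * y, -1, P) % P
    x3 = (lam * lam - 2 * x) % P
    return x3, (lam * (x - x3) - y) % P


def validate_point(x, y):
    """Reject a peer-supplied affine point that is not on P-256.
    Must run before the point is multiplied by any private scalar."""
    if not (0 <= x < P and 0 <= y < P):
        raise ValueError("coordinate out of range")
    if implied_b(x, y) != B:
        raise ValueError("point is not on the expected curve")
    # P-256 has cofactor 1, so every on-curve affine point has full order.
    return x, y


# Constructed sample input: the generator with y nudged by one (off-curve).
BAD = (G[0], (G[1] + 1) % P)

if __name__ == "__main__":
    print("G accepted:", validate_point(*G) == G)
    print("arithmetic keeps BAD on its own curve:",
          implied_b(*double(BAD)) == implied_b(*BAD) != B)
    try:
        validate_point(*BAD)
    except ValueError as exc:
        print("BAD rejected:", exc)
```

Because the point arithmetic never consults `B`, only an explicit check like `validate_point` stops the private scalar from being applied to a point on a curve chosen by the sender.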

Source: opennet.ru
