ProHoster > Π‘Π»ΠΎΠ³ > xov xwm hauv internet > Qhov tsis zoo hauv kev siv AMD SEV thev naus laus zis cuam tshuam rau AMD EPYC processors

Qhov tsis zoo hauv kev siv AMD SEV thev naus laus zis cuam tshuam rau AMD EPYC processors

AMD tau ceeb toom tias ob txoj kev tawm tsam tau raug txheeb xyuas uas tuaj yeem hla AMD SEV (Secure Encrypted Virtualization) kev ruaj ntseg mechanism. Qhov teeb meem cuam tshuam rau thawj, thib ob thiab thib peb tiam ntawm AMD EPYC processors (raws li Zen1 - Zen3 microarchitecture), nrog rau cov txheej txheem AMD EPYC.

AMD SEV ntawm qib hardware muab pob tshab encryption ntawm lub tshuab virtual nco, uas tsuas yog cov qhua tam sim no muaj kev nkag mus rau cov ntaub ntawv decrypted, thiab lwm lub tshuab virtual thiab tus hypervisor tau txais cov ntaub ntawv encrypted thaum sim nkag mus rau lub cim xeeb no. Cov teeb meem uas tau txheeb pom tso cai rau tus neeg tawm tsam nrog txoj cai tswj hwm ntawm lub server thiab kev tswj hwm ntawm tus neeg saib xyuas kom hla dhau AMD SEV kev txwv thiab ua lawv cov cai hauv cov ntsiab lus ntawm kev tiv thaiv virtual tshuab.

Cov teeb meem tau txheeb xyuas:

  • CVE-2021-26311 (undeSErVed nres) - los ntawm kev hloov pauv qhov kev txiav txim ntawm lub cim xeeb thaiv hauv qhov chaw nyob ntawm cov qhua, yog tias koj muaj kev tswj hwm tus neeg saib xyuas, koj tuaj yeem ua tiav koj cov cai hauv lub tshuab virtual qhua, txawm tias siv AMD SEV/SEV-ES tiv thaiv. Cov kws tshawb fawb tau npaj cov qauv qauv ntawm kev siv thoob ntiaj teb uas rov tsim cov blocks ntawm UEFI loaded thiab siv cov txheej txheem rov qab los taw qhia (ROP - Rov qab-Oriented Programming) cov txheej txheem los teeb tsa kev ua tiav ntawm kev cai lij choj.
  • CVE-2020-12967 (SEVerity attack) - qhov tsis muaj kev tiv thaiv zoo ntawm nested nco nplooj ntawv cov lus hauv AMD SEV/SEV-ES tso cai, yog tias koj muaj kev nkag mus rau lub hypervisor, los npaj cov kev hloov ntawm cov cai rau hauv cov qhua system kernel thiab npaj. kev hloov ntawm kev tswj mus rau qhov chaws no. Tus txheej txheem tso cai rau koj kom tau txais kev tswj hwm tag nrho ntawm cov qhua tiv thaiv thiab rho tawm cov ntaub ntawv tsis pub lwm tus paub los ntawm nws.

Txhawm rau tawm tsam txoj kev tawm tsam, AMD tau npaj SEV-SNP (Secure Nested Paging) txuas ntxiv, muaj raws li kev hloov kho firmware rau tiam thib peb ntawm AMD EPYC processors thiab muab kev ruaj ntseg ua haujlwm nrog nested nco nplooj ntawv. Ntxiv nrog rau kev cim xeeb encryption thiab SEV-ES (Encrypted State) txuas ntxiv uas tiv thaiv CPU sau npe, SEV-SNP muab kev tiv thaiv kev nco ntxiv uas tuaj yeem tiv thaiv kev tawm tsam los ntawm hypervisors thiab muab kev tiv thaiv ntxiv rau kev tawm tsam sab nraud.

Tau qhov twg los: opennet.ru

Ntxiv ib saib