Researchers say a voltage-glitching attack can access encrypted virtual-machine data on AMD Secure Processors, but it's not easy. Credit: Warchi / Getty Images AMD likes to crow about how its Epyc server processors can encrypt the content of virtal machines while they’re in operation so they are secure and isolated, preventing other VMs on the processor from accessing the encrypted contents. Well, researchers from the Technical University of Berlin have found a weakness in that feature, known as Secure Encrypted Virtualization (SEV), and published a theoretical attack that defeats the protection. The paper ”One Glitch to Rule Them All: Fault Injection Attacks Against AMD’s Secure Encrypted Virtualization” details how the researchers succeeded in mounting a voltage fault-injection attack. Basically it’s a shock to the Epyc’s system. Integrated circuits need to operate within specific temperature, clock stability, and perhaps most important, voltage ranges. Purposefully manipulating one of these parameters is called a glitching attack because it throws the integrated circuit out of stable operating parameters. The German researchers used a voltage-glitching attack to show that manipulating the input voltage to AMD chips, they can induce an error in the ROM bootloader of the secure processor, allowing them to gain full control of the processor and its contents. “By manipulating the input voltage to AMD systems on a chip (SoCs), we induce an error in the read-only memory (ROM) bootloader of the AMD-SP, allowing us to gain full control over this root-of-trust,” the researchers say in their paper. “Furthermore, we showed that the glitching attack enables the extraction of endorsement keys. The endorsement keys play a central role in the remote attestation mechanism of SEV and can be used to mount remote attacks. Even an attacker without physical access to the target host can use extracted endorsement keys to attack SEV-protected VMs. By faking attestation reports, an attacker can pose as a valid target for VM migration to gain access to a VM’s data,” the researchers wrote . The hardware needed to conduct such an attack is widely available and inexpensive—a microcontroller and a cheap flash programmer. And this impacts all three generations of AMD’s Zen architecture. And now for the good news. The researchers said it took them four hours to prepare a system for an attack, and the attack includes an in-person stage at the server to connect the hardware. That was something AMD pointed out to me, and a fact that was buried in some of the news coverage of this. Bottom line: don’t sweat it. Related content news Pure Storage adds AI features for security and performance Updated infrastructure-as-code management capabilities and expanded SLAs are among the new features from Pure Storage. By Andy Patrizio Jun 26, 2024 3 mins Enterprise Storage Data Center news Nvidia teases next-generation Rubin platform, shares physical AI vision ‘I'm not sure yet whether I'm going to regret this or not,' said Nvidia CEO Jensen Huang as he revealed 2026 plans for the company’s Rubin GPU platform. By Andy Patrizio Jun 17, 2024 4 mins CPUs and Processors Data Center news Intel launches sixth-generation Xeon processor line With the new generation chips, Intel is putting an emphasis on energy efficiency. By Andy Patrizio Jun 06, 2024 3 mins CPUs and Processors Data Center news AMD updates Instinct data center GPU line Unveiled at Computex 2024. the new AI processing card from AMD will come with much more high-bandwidth memory than its predecessor. By Andy Patrizio Jun 04, 2024 3 mins CPUs and Processors Data Center PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe