cynicalsecurity 

V. Narayanan et al., "emote attestation of SEV-SNP confidential VMs using e-vTPMs"¹

Departing from "your data is safe with us" model where the cloud infrastructure is trusted, cloud tenants are shifting towards a model in which the cloud provider is not part of the trust domain. Both silicon and cloud vendors are trying to address this shift by introducing confidential computing - an umbrella term that provides mechanisms for protecting the data in-use through encryption below the hardware boundary of the CPU, e.g., Intel Software Guard Extensions (SGX), AMD secure encrypted virtualization (SEV), Intel trust domain extensions (TDX), etc.
In this work, we design and implement a virtual trusted platform module (vTPM) that virtualizes the hardware root-of-trust without requiring to trust the cloud provider. To ensure the security of a vTPM in a provider-controlled environment, we leverage unique isolation properties of the SEV-SNP hardware and a novel approach to ephemeral TPM state management. Specifically, we develop a stateless ephemeral vTPM that supports remote attestation without persistent state. This allows us to pair each confidential VM with a private instance of a vTPM that is completely isolated from the provider-controlled environment and other VMs. We built our prototype entirely on open-source components - Qemu, Linux, and Keylime. Though our work is AMD-specific, a similar approach could be used to build remote attestation protocol on other trusted execution environments (TEE).

#arXiv #ResearchPapers #SEV-SNP #TPM #TDX #SGX #RemoteAttestation #Intel #AMD

__
¹ https://arxiv.org/abs/2303.16463

Remote attestation of SEV-SNP confidential VMs using e-vTPMs

Departing from "your data is safe with us" model where the cloud infrastructure is trusted, cloud tenants are shifting towards a model in which the cloud provider is not part of the trust domain. Both silicon and cloud vendors are trying to address this shift by introducing confidential computing - an umbrella term that provides mechanisms for protecting the data in-use through encryption below the hardware boundary of the CPU, e.g., Intel Software Guard Extensions (SGX), AMD secure encrypted virtualization (SEV), Intel trust domain extensions (TDX), etc. In this work, we design and implement a virtual trusted platform module (vTPM) that virtualizes the hardware root-of-trust without requiring to trust the cloud provider. To ensure the security of a vTPM in a provider-controlled environment, we leverage unique isolation properties of the SEV-SNP hardware and a novel approach to ephemeral TPM state management. Specifically, we develop a stateless ephemeral vTPM that supports remote attestation without persistent state. This allows us to pair each confidential VM with a private instance of a vTPM that is completely isolated from the provider-controlled environment and other VMs. We built our prototype entirely on open-source components - Qemu, Linux, and Keylime. Though our work is AMD-specific, a similar approach could be used to build remote attestation protocol on other trusted execution environments (TEE).

arXiv.org
Apr 2, 2023 at 6:32pmWeb
Show threadpeter honeymanApr 2, 2023
@cynicalsecurity there’s no problem in computer science that can’t be solved by adding another layer of abstraction
Show threadcynicalsecurity Apr 2, 2023

@peterhoneyman there is also no problem in computer science with preposterous security claims that cannot be laughed at by security researchers… I cannot believe they continue building upon the Ptolemaic security design brought upon us by the Intel architecture.

Given the investment so far they could have developed a better, more secure, microarchitecture which could have emulated x86 keeping its "features" at a distance just like one holds smelly socks.