3 points by hasheddan 5 hours ago | 1 comment
  • magicalhippo 4 hours ago
    Under the "How difficult is it to exploit" in the FAQ they mention it's very easy and with 100% success. Yet the text itself says this:

    In our analysis of the RMP initialization, we observed that the malicious hypervisor running on the x86 cores can still create dirty cachelines pointing to DRAM. [...] As depicted in (c), the malicious hypervisor can use the primitive to get arbitrary unchecked writes to RMP memory.

    So it would seem it's easy as long as you managed to install a malicious hypervisor...

    Of course not great, with supply chain attacks being a serious cause for concern. Still, hardly "easy" if it requires hijacking a core piece of infrastructure?

    • transpute 2 hours ago
      https://en.wikipedia.org/wiki/Confidential_computing

        The following threat vectors are generally considered in scope for confidential computing: Software attacks: including attacks on the host’s software and firmware. This may include the operating system, hypervisor, BIOS, other software and workloads.
      • magicalhippo 2 hours ago
        I'm not saying it's not a critical bug that should be fixed somehow. I just thought it seemed a bit of a stretch to call replacing the hypervisor with a malicious one "easy".
        • transpute an hour ago
          The hypervisor is typically controlled by the infrastructure operator.

          If the infrastructure operator is untrusted, as in some models of confidential computing, then hypervisor replacements are both easy and an expected threat.

          • magicalhippo an hour ago
            Ok, fair point. Guess I didn't expect people to want to run their stuff on untrusted hardware.