Under the "How difficult is it to exploit" in the FAQ they mention it's very easy and with 100% success. Yet the text itself says this:
In our analysis of the RMP initialization, we observed that the malicious hypervisor running on the x86 cores can still create dirty cachelines pointing to DRAM. [...] As depicted in (c), the malicious hypervisor can use the primitive to get arbitrary unchecked writes to RMP memory.
So it would seem it's easy as long as you managed to install a malicious hypervisor...
Of course not great, with supply chain attacks being a serious cause for concern. Still, hardly "easy" if it requires hijacking a core piece of infrastructure?
The following threat vectors are generally considered in scope for confidential computing: Software attacks: including attacks on the host’s software and firmware. This may include the operating system, hypervisor, BIOS, other software and workloads.
magicalhippo•3mo ago
I'm not saying it's not a critical bug that should be fixed somehow. I just thought it seemed a bit of a stretch to call replacing the hypervisor with a malicious one "easy".
transpute•3mo ago
The hypervisor is typically controlled by the infrastructure operator.
If the infrastructure operator is untrusted, as in some models of confidential computing, then hypervisor replacements are both easy and an expected threat.
magicalhippo•3mo ago
Ok, fair point. Guess I didn't expect people to want to run their stuff on untrusted hardware.
magicalhippo•3mo ago
In our analysis of the RMP initialization, we observed that the malicious hypervisor running on the x86 cores can still create dirty cachelines pointing to DRAM. [...] As depicted in (c), the malicious hypervisor can use the primitive to get arbitrary unchecked writes to RMP memory.
So it would seem it's easy as long as you managed to install a malicious hypervisor...
Of course not great, with supply chain attacks being a serious cause for concern. Still, hardly "easy" if it requires hijacking a core piece of infrastructure?
transpute•3mo ago
magicalhippo•3mo ago
transpute•3mo ago
If the infrastructure operator is untrusted, as in some models of confidential computing, then hypervisor replacements are both easy and an expected threat.
magicalhippo•3mo ago