CachePC ======= This repository contains proof-of-concept code for a novel cache side-channel attack dubbed PRIME+COUNT that we demonstrate can be used to circumvent AMD's latest secure virtualization solution SEV-SNP to access sensitive guest information. Several test-cases were used to verify parts of the exploit chain separately: test/eviction: Demonstrate that performance counters & our setup are accurate enough to detect a single eviction in L1 cache and infer its cache set through PRIME+COUNT test/kvm-eviction: Demonstrate that the cache set of a memory access instruction can be inferred in non-SEV / SEV / SEV-ES / SEV-SNP -enabled vms respectively. test/kvm-step: Demonstrate that SEV-SNP enabled vms can be single-stepped using local APIC timers to interrupt the guest and increment the interrupt interval while observing the RIP+RFLAGS ciphertext in the VMSA for changes to detect that a single instruction has been executed. test/kvm-pagestep: Demonstrate that a SEV-SNP enabled vm can be quickly single-stepped and analyzed by tracking a single page at a time. This type of tracking creates a page-wise profile of the guests execution, which can be used to infer what the guest is doing and to begin fine-grained single-stepping. test/qemu-eviction: Replicate result from kvm-eviction on a qemu-based vm running debian using a specially crafted guest program to signal when measurement should take place to infer the accessed set. test/qemu-aes: Demonstrate that AES encryption keys can be leaked from a modified qemu-based linux guest. test/qemu-poc: Demonstrate that AES encryption keys can be leaked from an unmodified qemu-based linux guest. Testing was done on a bare-metal AMD EPYC 72F3 (Family 0x19, Model 0x01) cpu and Supermicro H12SSL-i V1.01 motherboard. The following BIOS settings differ from the defaults: Advanced > CPU Configuration > Local APIC Mode = xAPIC Advanced > CPU Configuration > L1 Stream HW Prefetcher = Disabled Advanced > CPU Configuration > L2 Stream HW Prefetcher = Disabled Advanced > CPU Configuration > SMEE = Enabled Advanced > CPU Configuration > SEV ASID Count = 509 Advanced > CPU Configuration > SEV ASID Space Limit Control = Manual Advanced > CPU Configuration > SEV ASID Space Limit = 110 Advanced > CPU Configuration > SNP Memory (RMP Table) Coverage = Enabled Advanced > North Bridge Configuration > SEV-SNP Support = Enabled Advanced > North Bridge Configuration > Memory Configuration > TSME = Disabled Advanced > PCI Devices Common Settings > Memory Configuration > TSME = Disabled To successfully build and load the kvm.ko and kvm-amd.ko modules, ensure that a host kernel debian package was built using `make host`. Note: because of bad decisions made in regards to version control, the checked out commit of the modified kernel (previously the kernel patch file) might be incorrect for older revisions.