1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
CachePC
=======
This repository contains proof-of-concept code for a novel cache side-channel
attack dubbed PRIME+COUNT that we demonstrate can be used to circumvent
AMD's latest secure virtualization solution SEV-SNP to access sensitive
guest information.
tests
-----
Several test-cases were used to verify parts of the exploit chain separately:
test/eviction:
Demonstrate that performance counters & our setup are accurate enough
to detect a single eviction in L1 cache and infer its cache set
through PRIME+COUNT
test/kvm-eviction:
Demonstrate that the cache set of a memory access instruction can be
inferred in non-SEV / SEV / SEV-ES / SEV-SNP -enabled vms respectively.
test/kvm-step:
Demonstrate that SEV-SNP enabled vms can be single-stepped using local
APIC timers to interrupt the guest and increment the interrupt interval
while observing the RIP+RFLAGS ciphertext in the VMSA for changes to
detect that a single instruction has been executed.
test/kvm-pagestep:
Demonstrate that a SEV-SNP enabled vm can be quickly single-stepped
and analyzed by tracking a single page at a time. This type
of tracking creates a page-wise profile of the guests execution,
which can be used to infer what the guest is doing and to begin
fine-grained single-stepping.
test/qemu-eviction:
Replicate result from kvm-eviction on a qemu-based vm running debian
using a specially crafted guest program to signal when measurement
should take place to infer the accessed set.
test/qemu-aes:
Demonstrate that AES encryption keys can be leaked from a
modified qemu-based linux guest.
test/qemu-poc:
Demonstrate that AES encryption keys can be leaked from an
unmodified qemu-based linux guest.
setup
-----
Testing was done on a Supermicro H12SSL-i V1.01 motherboard and AMD EPYC 72F3
(Family 0x19, Model 0x01) cpu.
The following non-default BIOS settings were used:
Advanced > CPU Configuration > Local APIC Mode = xAPIC
Advanced > CPU Configuration > Core Performance Boost = Disabled
Advanced > CPU Configuration > SMT Control = Disabled
Advanced > CPU Configuration > Global C-state Control = Disabled
Advanced > CPU Configuration > L1 Stream HW Prefetcher = Disabled
Advanced > CPU Configuration > L2 Stream HW Prefetcher = Disabled
Advanced > CPU Configuration > SMEE = Enabled
Advanced > CPU Configuration > SEV ASID Count = 509
Advanced > CPU Configuration > SEV ASID Space Limit Control = Manual
Advanced > CPU Configuration > SEV ASID Space Limit = 110
Advanced > CPU Configuration > SNP Memory (RMP Table) Coverage = Enabled
Advanced > North Bridge Configuration > SEV-SNP Support = Enabled
Advanced > North Bridge Configuration > Memory Configuration > TSME = Disabled
The following kernel parameters were used:
kvm_amd.sev=1 kvm_amd.sev_es=1 nokaslr debug systemd.log_level=info
isolcpus=2,10,3,11 nohz_full=2,10,3,11 rcu_nocbs=2,10,3,11 nmi_watchdog=0
transparent_hugepage=never apic lapic panic=-1
To successfully build and load the kvm.ko and kvm-amd.ko modules, ensure
that a host kernel debian package was built using `make host`.
Note, the checked out commit of the modified kernel (previously the kernel
patch file) may be incorrect for revisions older than 864f5fa9d539.
|
