AMD SEV威胁模型

1. AMD SEV官方白皮书网站

https://www.amd.com/en/developer/sev.html

2. 初版AMD SME白皮书所展示的SEV 威胁模型

https://www.amd.com/content/dam/amd/en/documents/epyc-business-docs/white-papers/memory-encryption-white-paper.pdf

In the SEV model, code executing at different levels (namely hypervisor vs guest) is isolated so neither has access to the resources of the other. Even though the hypervisor level is traditionally “more privileged” than the guest level, SEV separates these levels through cryptographic isolation. This provides additional security for lower privileged code, without requiring trust in the high privileged code on which the less privileged code is dependent upon for startup and execution. Communication between hypervisor and guest is still possible, but those communication paths are tightly controlled.

翻译： 在 SEV 模型中，执行在不同级别(即管理程序与客户机)的代码是隔离的，因此两者都不能访问对方的资源。尽管管理程序级别传统上比客户级别“更具特权”，但 SEV 通过加密隔离来分隔这些级别。这为低特权代码提供了额外的安全性，而不需要信任高特权代码，低特权代码的启动和执行依赖于高特权代码。系统管理程序和客户机之间的通信仍然是可能的，但是这些通信路径受到严格控制。

Consequently, SEV technology is built around a threat model where an attacker is assumed to have access to not only execute user level privileged code on the target machine, but can potentially execute malware at the higher privileged hypervisor level as well. The attacker may also have physical access to the machine including to the DRAM chips themselves. In all these cases, SEV provides additional assurances to help protect the guest virtual machine code and data from the attacker. Note that SEV does not protect against denial-of-service attacks against the guest.

翻译： 因此，SEV 技术是围绕一个威胁模型构建的，在这个模型中，攻击者不仅可以访问目标机器上的用户级特权代码，而且还可以潜在地在更高的特权管理程序级别上执行恶意软件。攻击者也可能有物理访问机器，包括 DRAM 芯片本身。在所有这些情况下，SEV 都提供了额外的保证，以帮助保护来宾虚拟机代码和数据不受攻击者的攻击。请注意，SEV 不能防止针对客户机的拒绝服务攻击。

3. AMD SEV-SNP白皮书中所展示的威胁模型

https://www.amd.com/content/dam/amd/en/documents/epyc-business-docs/white-papers/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf

As with the previous SEV and SEV-ES features, under SEV-SNP the AMD System-On-Chip (SOC) hardware, the AMD Secure Processor (AMD-SP), and the VM itself are all treated as fully trusted. The VM is responsible for protecting itself and its interfaces, and it should follow standard best practices for protecting any I/O data it uses such as network traffic, hard disk data, etc. To this end, AMD highly recommends using a Full Disk Encryption (FDE) solution with protected VMs since all SEV technologies only protect data in-use. FDE protects data-at-rest and many popular commercial solutions exist.

翻译： 与以前的 SEV 和 SEV-ES 特性一样，在 SEV-SNP 下，AMD System-On-Chip (SOC)硬件，AMD 安全处理器(AMD-SP)和 VM 本身都被视为完全可信。VM 负责保护自身及其接口，它应该遵循标准的最佳实践来保护它使用的任何 I/O 数据，如网络流量、硬盘数据等。为此，AMD 强烈建议使用带有受保护虚拟机的全盘加密解决方案，因为所有 SEV 技术只保护正在使用的数据。FDE 保护静止数据，并且存在许多流行的商业解决方案。

Under SEV-SNP, all other CPU software components and PCI devices are treated as fully untrusted as shown in Figure 2. This includes the BIOS on the host system, the hypervisor, device drivers, other VMs, etc. Fully untrusted means these components are assumed to be malicious, potentially conspiring with other untrusted components in an effort to compromise the security guarantees of an SEV-SNP VM.

翻译： 在 SEV-SNP 下，所有其他 CPU 软件组件和 PCI 设备都被视为完全不可信，如图2所示。这包括主机系统上的 BIOS、系统管理程序、设备驱动程序、其他 VM 等。完全不受信任意味着这些组件被认为是恶意的，可能与其他不受信任的组件合谋，以破坏 SEV-SNP VM 的安全保障。

The SEV-SNP threat model includes features that are designed to protect against additional threats than previous AMD SEV technologies. SEV and SEV-ES use the threat model of a “benign but vulnerable” hypervisor. In this threat model, the hypervisor is not believed to be 100% secure, but it is trusted to act with benign intent. Meaning that while the hypervisor was not actively trying to compromise the SEV VMs underneath it, it could itself have exploitable vulnerabilities. By either blocking or making certain attacks more difficult, SEV and SEV-ES technologies can help limit the potential exposure of certain classes of hypervisor bugs or raise the difficulty of exploitation significantly. SEV-SNP addresses additional attack vectors and potential threats to VM security. The threats which are and are not addressed by various SEV technologies are summarized in Table 1.

翻译： 该 SEV-SNP 威胁模型包括功能，旨在防止更多的威胁比以前的 AMD SEV 技术。SEV 和 SEV-ES 使用“良性但易受攻击”的 hypervisor 的威胁模型。在这种威胁模型中，系统管理程序并不被认为是100% 安全的，但是可以信任它以良好的意图进行操作。这意味着，虽然虚拟机监控程序没有主动尝试破坏其下的 SEV VM，但它本身可能存在可利用的漏洞。通过阻止或使某些攻击更加困难，SEV 和 SEV-ES 技术可以帮助限制某些类别的虚拟机监控程序错误的潜在风险，或显著提高开发的难度。SEV-SNP 解决了额外的攻击载体和对 VM 安全的潜在威胁。表1总结了各种 SEV 技术能够解决和不能够解决的威胁。