CAVEaT

Hey everyone,

Mari has shared the following details on two new confidential computing related attacks against AMD and Intel trusted execution environments for analysis during the October 18th CAVEaT working group meeting. Since there isn't many real world examples of these type of attacks, this would be perfect for CAVEaT to provide guidance for Confidential Computing Threat to Model:

CounterSEVeillance and TDXdown attacks: Two teams of academics have published details on two new attacks that can break the confidentiality of CPU trusted execution environments (TEEs). The attacks allow threat actors to recover sensitive data from sections of a CPU that have been designed to protect important data. The first attack is named CounterSEVeillance [PDF] and can recover data from AMD's Secure Encrypted Virtualization (SEV) TEE. The second attack is named TDXdown and impacts Intel's newest TEE technology, the Trust Domain Extensions (TDX). Both technologies are commonly used in cloud computing and virtual machine technologies. AMD has published guidance on how to deal with the attack, while Intel released firmware patches. [Additional coverage in SecurityWeek]

Join Zoom Meeting - Friday, 10/18, 12 PM PT: 
https://cloudsecurityalliance.zoom.us/j/85883295665

Thanks,
Alex

------------------------------
Alex Kaluza
Research Analyst
Cloud Security Alliance
------------------------------

Additional Info:

The Heckler which was an attack against SEV-SNP and TDX presented at USENIX Security 2024 back in August. The details, including the full research paper, is hosted on the associated GitHub site https://ahoi-attacks.github.io/heckler/.
 
As for stepping attacks, see the SGX Step tool https://github.com/jovanbulck/sgx-step.

------------------------------
Alex Kaluza
Research Analyst
Cloud Security Alliance
------------------------------

Original Message:
Sent: Oct 17, 2024 04:00:09 PM
From: Alex Kaluza
Subject: CounterSEVeillance and TDXdown attacks analysis - October 18th working group meeting

Hey everyone,

Mari has shared the following details on two new confidential computing related attacks against AMD and Intel trusted execution environments for analysis during the October 18th CAVEaT working group meeting. Since there isn't many real world examples of these type of attacks, this would be perfect for CAVEaT to provide guidance for Confidential Computing Threat to Model:

CounterSEVeillance and TDXdown attacks: Two teams of academics have published details on two new attacks that can break the confidentiality of CPU trusted execution environments (TEEs). The attacks allow threat actors to recover sensitive data from sections of a CPU that have been designed to protect important data. The first attack is named CounterSEVeillance [PDF] and can recover data from AMD's Secure Encrypted Virtualization (SEV) TEE. The second attack is named TDXdown and impacts Intel's newest TEE technology, the Trust Domain Extensions (TDX). Both technologies are commonly used in cloud computing and virtual machine technologies. AMD has published guidance on how to deal with the attack, while Intel released firmware patches. [Additional coverage in SecurityWeek]

Join Zoom Meeting - Friday, 10/18, 12 PM PT: 
https://cloudsecurityalliance.zoom.us/j/85883295665

Thanks,
Alex

------------------------------
Alex Kaluza
Research Analyst
Cloud Security Alliance
------------------------------