Posted on 07 August, 2019
The need for CPU security
Driven by mobile, social media and the need for on demand services, the IT landscape has changed over the last decade. There have been advances in networking and cloud computing, with datacentres hosting huge amounts of data and processing power. With the growing size of infrastructure, the need for security to protect data is paramount. Hardware and software are both required in order to provide security. At the OS and software level, only so much can be done and the various security software’s on their own are not enough. CPU manufacturers, such as AMD, are providing solutions with built in hardware level security features at the microchip level.
As CPU’s are used in systems in a wide range of industries, it’s important for security to be a key aspect of their design. We have already seen some serious security flaws in processors, including the recently widely reported Spectre and Meltdown vulnerabilities. These exploits came about due to flaws in CPU chip designs and affected billions of electronic devices such as mobile phones and of course, computers. AMD CPU’s were less affected than Intel chips, yet all modern CPUs are vulnerable to Spectre attacks. AMD’s processor architectures made their CPU range more difficult to exploit. With regards to the Meltdown exploit, AMD believe their processors are not susceptible due their use of privilege level protections within paging architecture and therefore no mitigation steps were required to alleviate the issues.
With the launch of its EPYC™ CPU’s, AMD has established itself as a key player in the enterprise grade CPU market. The newer generation AMD EPYC™ 7002 Generation Processors aim to continue to offer the most robust and secure CPU’s in the marketplace. In terms of security AMD has implemented several technologies in its CPU platform and this continues with 2nd Gen AMD EPYC. These technologies include Secure Memory Encryption (SME), Encrypted Virtualization (SEV), Secure Encrypted Virtualization-Encrypted State (SEV-ES) and mitigation of side channel attacks.
A Closer Look at AMD's Security features
AMD Secure Memory Encryption (SME)
As Servers are host to huge amounts of data it is important that sensitive data cannot be compromised. When data is stored in main memory in plain text, this leaves the data exposed and therefore vulnerable to various user access; these could range from scraping memory of guest data or being able to steal data from neighbouring guest virtual machines due to a hypervisor bug. Also, data stored in DRAM in plain text can be susceptible to physical access attacks allowing data to be stolen.
The AMD EPYC™ platform, including the upcoming 7002 Generation Processors, have hardware accelerated memory encryption for protection of in use data.
Secure Memory Encryption (SME) is an x86 instruction set extension introduced by AMD for page-granular memory encryption support. SME uses a single key to encrypt system memory, which is generated by the AMD Secure Processor (a separate, dedicated ARM based processor which enables secure boot up from BIOS level into the Trusted Execution Environment). The AMD Secure Processor provides cryptographic functionality for secure key generation and key management.
The SME extension defends against attacks by allowing all main memory to be encrypted. This is done by providing the ability for software to mark certain pages to be encrypted. These pages are then automatically decrypted and encrypted upon software read and write. A 128-bit ephemeral AES key is used to encrypt the pages, this key is created randomly using a hardware random generator at each boot and is not accessible by software. To ensure this key is secure a new one is generated by the processor on every boot. On the AMD EPYC™ platform, an AES-128 encryption engine is embedded in the memory controller, and this is what is used to encrypt and decrypt the data provided the correct key is present.
SME requires enabling in the system BIOS or operating system. When enabled in the BIOS, memory encryption is transparent and can be run with any operating system.
A subset of SME, Transparent SME (TSME), is a more limited form of SME used to transparently encrypt the full physical memory.
Secure Encrypted Virtualization (SEV) extends SME to AMD virtualisation, allowing individual VMs to run SME using their own secure keys. See below for details on SEV. With the addition of SEV, the security provided by SME can be extended to cloud users that can have fully private memory inaccessible to hypervisor or host software.
AMD Secure Encrypted Virtualization (SEV)
As an extension to SME, Secure Encrypted Virtualization (SEV) extends the security features out to AMD virtualisation, which effectively enables per-virtual machine SME. This allows individual VMs running on AMD hardware to run SME using their own secure keys.
Each virtual machine has its own key, and this allows the guests and the hypervisor to be isolated from one another. As with SME, the keys are managed by the AMD Secure Processor. SEV must be enabled in both the hypervisor and guest OS. The hypervisor can then use hardware virtualization instructions and communication with the AMD Secure processor to manage the appropriate keys in the memory controller. The guest OS allows the VM to indicate which pages in memory should be encrypted. This means that SEV enables running encrypted virtual machines in which the code and data of the VM are private to the VM and may only be decrypted within the VM itself.
With the 2nd Generation AMD EPYC platform, AMD have increased the number of keys available to virtual machines. Therefore, more VM’s can be secured in this way and this would be a great benefit for virtualised environments and cloud providers.
AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES)
When a virtual machine stops running, the Secure Encrypted Virtualization with Encrypted State (SEV-ES) feature blocks attacks by encrypting and protecting all CPU register contents. This prevents the leakage of information in CPU registers to components like the hypervisor and can even detect malicious modifications to a CPU register state. SEV-ES builds upon SEV to provide an even smaller attack surface and additional protection for a guest VM from the hypervisor.
Security is clearly an important consideration in modern CPU design and in the IT industry in general. More and more attack vectors are used daily in cyber-attacks on the IT industry, as the result of new vulnerabilities being discovered and exploited. Therefore, there is a motivation from the IT industry for more secure hardware and software platforms. AMD have shown in their microprocessor design that security features are of paramount importance, utilising hardware and software to mitigate potential vulnerabilities.
At Boston, we work closely with AMD and have servers ready with AMD EPYC™ 7002 Generation Processors. We offer bespoke solutions that are suitable for a wide variety of applications. To find out more, our contacts details are at the end of this article.
2nd Gen AMD EPYC™ Available at launch with Boston
If you would like more information or design and architecture help around AMD's 2nd Generation of EPYC™ processors, then we'd be keen to hear from you. You can get in touch below:
Further information on AMD's 2nd Generation of EPYC™ and 1st Generation of EPYC™ can be found on our website and in our other blog.