Side Channels

Recently, there has been significant security research on CPU side-channel attacks, which exploit the internal structures of the CPU to leak information. One prominent example is Spectre Variant 2, which leverages hardware branch prediction to create data leakage under specific conditions. AMD has responded to such attacks by introducing hardware capabilities to aid software in defending against them, such as Spectre Variant 2.

Spectre Variant 2 demonstrated that the indirect branch predictor (BTB) could be exploited when certain software conditions are met, assuming an attacker can influence the branch predictions of another entity. In AMD's latest CPU designs, support has been added for the SPEC_CTRL MSR and PRED_CMD MSR, which provide more software control over the BTB structure. In the SEV-SNP architecture, the SPEC_CTRL MSR is virtualized, allowing the guest to set its own speculation policy independently of the hypervisor. This empowers the guest to use modes like IBRS (Indirect Branch Restricted Speculation) for added security.

In traditional virtualization, the hypervisor employs protective measures against guest-based attacks, such as retpoline or running with IBRS enabled. However, when the hypervisor is not trusted, the guest may also be concerned about hypervisor-based attacks, including malicious attempts to poison BTB entries. To address this, SEV-SNP VMs can enable additional protection, wherein the CPU hardware prevents the VM from speculatively using BTB entries installed by other entities. This feature automatically performs a BTB flush when necessary to prevent speculative use of such entries.

Simultaneous Multi-Threading (SMT) is another area of CPU hardware that has been targeted in side channel research due to shared hardware resources. To counter potential observation channels, sensitive SEV-SNP VMs can choose to be restricted to running only on SMT-disabled systems.

While SEV-SNP provides options for protection from certain speculative side channel attacks and SMT concerns, it cannot safeguard against all possible side channel attacks. Attacks like PRIME+PROBE, which target specific vulnerable software algorithms based on cache or TLB access patterns, are not protected by SEV-SNP. It is the responsibility of VM owners to follow standard security practices and update their software to avoid such vulnerabilities.

Other side channel attack categories, like application fingerprinting attacks, are outside the scope of SEV-SNP. These attacks aim to determine the application being run, but they do not directly compromise the confidentiality or integrity of guest VM data. Future versions of SEV may include additional protections against some of these attack vectors.

In summary, while SEV-SNP offers valuable protections against certain side channel attacks, it is crucial for VM owners to stay vigilant, follow best security practices, and keep their software up to date to safeguard against potential vulnerabilities.