• pullupsNpushups@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    As the commenter under that article stated, it’s odd that AMD designed SEV in a way that the initial value is enough to pass the authentication.

    • Jannik2099@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This is incorrect, the “default value” is a poorly translated example from the german article - this exploit does NOT rely on resetting any SEV-specific memory or similar.

      • pullupsNpushups@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I re-read the article and the original ComputerBase article, and I think I have a better understanding of it now. You can read my update and let me know if I’m still misunderstanding it.

        • Jannik2099@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Yes, you understood correctly.

          This is also not a rare occurence, you can programmatically find locations in a binary where un-doing a cached write allows manipulating control flow - there are more examples in the paper.

          You will likely find these locations (called gadgets) in just about every binary - not because all devs are stupid and set the default to the “exploitable” case, but because this is how compiler code generation pans out in the grand scheme of things.

    • ThreeLeggedChimp@alien.topB
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      It’s similar to when Mac OS accepted an empty password at login.

      Pretty sure this sub will use the same defense as /r/apple did.

  • Put_It_All_On_Blck@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    For those that are inevitably too lazy to click

    The vulnerability affects first through third generation EPYC CPUs (Naples, Rome, and Milan), but AMD has only made a microcode patch for third generation Milan chips.

  • capn_hector@alien.topB
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    “SEV not intended to be protective” is the biggest load of horseshit I’ve heard, even intel didn’t beat around the bush with actually admitting they had flaws and patching them.

    Amd didn’t patch the take-a-way or prefetch+TLB bleed either, because shipping a secure processor would have hurt their benchmark scores too much. So they just continued to ship insecure-by-default (and recommend against enabling the mitigations by default) those other times too.