AMD Virtualization security encryption Xiao Long exposed vulnerabilities: has been fixed
Earlier this year, Google's One researcher found that security encryption within AMD EPYC Xiao Long processor virtualization (SEV) in the presence of a security vulnerability that allows an attacker to obtain the security key, and then visit originally isolated virtual machine. Xiao Long SEV function allows multiple processor system on a virtual machine is completely isolated from each other while using the elliptic curve algorithm generates different encryption key from the hardware level, to ensure that each virtual machine has its own independent security protection.
Visit the purchase page:
To this end, an embedded processor Xiao Long PSP platform security processor, based on ARM Cortex cores.
February 19 this year, the vulnerability is first fed back to AMD , AMD four days later confirmed this vulnerability, Google also immediately provide proof of concept attack code.
However, AMD's repair process some twists and turns, when the May 13 to 30 days of application expose this vulnerability, June 4 released version 0.17 Build 22 after fix the code, and re-apply for an extension of 7 days.
Until June 25, the details of this vulnerability became public, but this time AMD has completed the repair, Xiao Long users can upgrade the firmware.
