Compromising the AMD SEV Ecosystem
If a VM has been backdoored, the cryptographic attestation will fail and immediately alert the VM admin of the compromise. Or at least that’s how SEV-SNP is designed to work. BadRAM is an attack that a server admin can carry out in minutes, using either about $10 of hardware, or in some cases, software only, to cause DDR4 or DDR5 memory modules to misreport during bootup the amount of memory capacity they have. From then on, SEV-SNP will be permanently made to suppress the cryptographic hash attesting its integrity even when the VM has been badly compromised.
The Attack
“BadRAM completely undermines trust in AMD’s latest Secure Encrypted Virtualization (SEV-SNP) technology, which is widely deployed by major cloud providers, including Amazon AWS, Google Cloud, and Microsoft Azure,” members of the research team wrote in an email. “BadRAM for the first time studies the security risks of bad RAM—rogue memory modules that deliberately provide false information to the processor during startup. We show how BadRAM attackers can fake critical remote attestation reports and insert undetectable backdoors into _any_ SEV-protected VM.”
A Stroll Down Memory Lane
Modern dynamic random access memory for servers typically comes in the form of DIMMs, short for Dual In-Line Memory Modules. The basic building block of these rectangular sticks are capacitors, which, when charged, represent a binary 1 and, when discharged, represent a 0. The capacitors are organized into cells, which are organized into arrays of rows and columns, which are further arranged into ranks and banks. The more capacitors that are stuffed into a DIMM, the more capacity it has to store data. Servers usually have multiple DIMMs that are organized into channels that can be processed in parallel.
Compromising the AMD SEV Ecosystem
We found that tampering with the embedded SPD chip on commercial DRAM modules allows attackers to bypass SEV protections—including AMD’s latest SEV-SNP version. For less than $10 in off-the-shelf equipment, we can trick the processor into allowing access to encrypted memory. We build on this BadRAM attack primitive to completely compromise the AMD SEV ecosystem, faking remote attestation reports and inserting backdoors into any SEV-protected VM.
Patching the Vulnerability
In response to a vulnerability report filed by the researchers, AMD has already shipped patches to affected customers, a company spokesperson said. The researchers say there are no performance penalties, other than the possibility of additional time required during boot up. The BadRAM vulnerability is tracked in the industry as CVE-2024-21944 and AMD-SB-3015 by the chipmaker.
Conclusion
The BadRAM attack has shown that even the most advanced security technologies can be compromised with minimal resources. The attack highlights the importance of securing the entire system, including the memory modules, to prevent such attacks. The researchers’ findings serve as a wake-up call for the industry to revisit the security of cloud computing and take necessary measures to prevent such attacks in the future.
FAQs
Q: What is BadRAM?
A: BadRAM is an attack that allows attackers to bypass SEV protections by tampering with the embedded SPD chip on commercial DRAM modules.
Q: What is SEV-SNP?
A: SEV-SNP is a technology developed by AMD that protects privacy and trust in cloud computing by encrypting a virtual machine’s (VM’s) memory and isolating it from advanced attackers.
Q: How does the BadRAM attack work?
A: The BadRAM attack works by tricking the processor into allowing access to encrypted memory by tampering with the embedded SPD chip on commercial DRAM modules.
Q: What is the impact of the BadRAM attack?
A: The BadRAM attack allows attackers to fake critical remote attestation reports and insert undetectable backdoors into any SEV-protected VM, compromising the AMD SEV ecosystem.
Q: Has AMD patched the vulnerability?
A: Yes, AMD has already shipped patches to affected customers, and the researchers say there are no performance penalties, other than the possibility of additional time required during boot up.
