New AMD vulnerability (CVE-2024-56161)

This looks like the same caliber as Sinkclose; it requires kernel (ring 0) access.
There is a fix from AMD, so I hope the upcoming BIOS release will include it.

3 Likes

Can we even use encrypted virtualization on consumer chips?

A breach of encrypted virtualization is only one potential outcome. The proof-of-concept cripples the CPU’s RDRAND instruction, which is used to generate random numbers, making it always return the number 4. That’s as random as any other number, but who wants a die that always rolls 4? RDRAND is important for any kind of cryptographic operation including HTTPS, and it would be as easy to break any other instruction for different results.

1 Like
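A start-up sanity check for the failure mode described in the post above (RDRAND returning a constant), as an added example that is not part of the thread or of the PoC. The function names are made up for illustration, and GCC or Clang on x86-64 is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Longest run of identical consecutive values in samples[0..n). */
size_t longest_run(const uint64_t *samples, size_t n) {
    size_t best = n ? 1 : 0, cur = 1;
    for (size_t i = 1; i < n; i++) {
        cur = (samples[i] == samples[i - 1]) ? cur + 1 : 1;
        if (cur > best) best = cur;
    }
    return best;
}

/* Repetition check: a healthy 64-bit generator repeats a value back to back
   with probability 2^-64, so any run of 2 or more is treated as a failure. */
int rng_looks_stuck(const uint64_t *samples, size_t n) {
    return longest_run(samples, n) >= 2;
}

#if defined(__x86_64__)
#include <cpuid.h>
/* Returns 1 and stores a value on success; returns 0 if the CPU does not
   advertise RDRAND (CPUID leaf 1, ECX bit 30) or the instruction clears CF. */
int rdrand64(uint64_t *out) {
    unsigned int a, b, c, d;
    unsigned char ok;
    if (!__get_cpuid(1, &a, &b, &c, &d) || !(c & (1u << 30))) return 0;
    __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}
#else
/* Non-x86 build: report RDRAND as unavailable. */
int rdrand64(uint64_t *out) { (void)out; return 0; }
#endif

int main(void) {
    uint64_t s[16];
    size_t n = 0;
    while (n < 16 && rdrand64(&s[n])) n++;
    if (n < 16) { puts("RDRAND unavailable or reporting failure"); return 2; }
    if (rng_looks_stuck(s, n)) { puts("RDRAND output is stuck"); return 1; }
    puts("RDRAND passed the repetition check");
    return 0;
}
```

Passing this check only rules out a constant output; it says nothing about the quality of the numbers.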

With kernel access there are plenty of other things that can give the rest of the kernel bad random data or way worse, so the stuff that is interesting about this is probably not that but that it can break encrypted virtualization and stuff.

:)))

4 Likes

TBC this requires a BIOS update, as opposed to a standard microcode update, because it’s about actual microcode patching / validation?

Only affects EPYC CPUs. See replies.

The PoC that was released also works on the 7940HS, so I’m fairly certain that is not the case.

2 Likes

AMD only released an advisory/patch for EPYC so far, but it very much does affect consumer CPUs.
The PoC works out of the box on my 16.

3 Likes

On the bright side, once the tools are released, we might get to experiment with our own DIY microcodes.

Wow, thanks for pointing it out. IMO, it’s unacceptable for AMD to not release an advisory.

1 Like

Hopefully it’s not too serious, since we’re probably in for another 6 months before a BIOS update. :sweat_smile:

4 Likes