XPDS16: AMD's virtualization memory encryption technology - Brijesh Singh, Advanced Micro Devices (AMD)
1 like1,477 views
AMD presented on their memory encryption technologies for virtualized environments. Their hardware-based AMD Secure Memory Encryption and AMD Secure Encrypted Virtualization features provide encryption of memory to enhance security and isolation between VMs and the hypervisor. The encryption is performed inline by the memory controller with minimal performance impact. Key management is handled by the AMD Secure Processor to isolate encryption keys. Integration with Xen would involve calling APIs to manage keys and ASIDs for guests to provide encryption using these technologies.
![10 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 |
AMD SECURE ENCRYPTED VIRTUALIZATION DETAILS
Address Space ID (ASID) determines VM encryption key
‒ Maximum supported key can be obtained through Fn8000_001F[CX]
‒ ASID is tagged with all data within the SoC
‒ ASID determines encryption key to use when data enters/leaves SoC
HW and Guest page tables determine if a page is “private” or “shared”
‒ Instruction code pages always “private”
‒ Guest page tables always “private”
‒ Data pages can be “private” (C=1) or “shared” (C=0) depending on page tables
‒ Before CR4.PAE=1, all pages are “private”
All DMA must occur to “shared” pages
Example use: all guest pages are “private” except for DMA pages](https://image.slidesharecdn.com/21xensummit2016-brijeshsingh-160902153734/85/XPDS16-AMD-s-virtualization-memory-encryption-technology-Brijesh-Singh-Advanced-Micro-Devices-AMD-10-320.jpg)
XPDS16: AMD's virtualization memory encryption technology - Brijesh Singh, Advanced Micro Devices (AMD)
- 1. AMD Memory Encryption Xen Developer Summit 2016 Brijesh Singh
- 2. 2 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | AGENDA Technology Key Management Integration
- 3. Technology
- 4. 4 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | MOTIVATION -- CLOUD Hypervisor must enforce full isolation between co-resident VMs ‒ Typically using hardware virtualization support like AMD-V™ Technology ‒ “Logical isolation” using page tables, VM intercepts, etc. ‒ Sometimes breaks down ‒ QEMU “VENOM” (CVE-2015-3456) ‒ VirtualBox bug (CVE-2014-0983) ‒ Etc. Cloud users must fully trust the cloud hosting company ‒ Hypervisor has full access to guest secrets in memory ‒ Hypervisor enforces all isolation ‒ Not ideal for users or cloud companies
- 5. 5 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | HARDWARE MEMORY ENCRYPTION - ATTACKS User Access Attacks • Administrator scrapes memory of guest data areas • Administrator injects code into a guest VM • Hypervisor bug allows hosted guest to steal data from other guests Physical Access Attacks • Probe the physical DRAM interface • Install HW device that accesses guest memory • Freeze then steal DIMMs • Steal NVDIMMs DEFENDED BY AMD SECURE MEMORY ENCRYPTION + AMD SECURE ENCRYPTED VIRTUALIZATION
- 6. 6 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | HARDWARE MEMORY ENCRYPTION - HW SUPPORT Hardware AES engine located in the memory controller performs inline encryption/decryption of DRAM Minimal performance impact ‒ Extra latency only taken for encrypted pages No application changes required Encryption keys are managed by the AMD Secure Processor and are hardware isolated ‒ not known to any software on the CPU DRAM AES-128 Engine AMD Secure Memory Encryption / AMD Secure Encrypted Virtualization AMD Secure Processor1 Root of Trust Defense against unauthorized access to memory
- 7. 7 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | HW MEMORY ENCRYPTION – AMD SECURE MEMORY ENCRYPTION Helps protects against physical memory attacks Single key is used for encryption of system memory Hypervisor chooses pages to encrypt via page tables Support for hardware devices (network, storage, graphics cards) to access encrypted pages seamlessly through DMA Added Defense against unauthorized access to memory DRAM AES-128 Engine Xen Hypervisor Dom0 Key DomU DomU
- 8. 8 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | DRAM AES-128 Engine Xen Hypervisor PV Key PVH PVH Key Key PVH HW MEMORY ENCRYPTION – AMD SECURE ENCRYPTED VIRTUALIZATION Additional isolation of VMs from each other and administrator tampering One key for Hypervisor and one key per VM, groups of VMs, or VM/Sandbox with multiple containers Cryptographically isolates the hypervisor from the guest VMs Integrates with existing AMD-V™ technology System can also run unsecure VMs Enhances isolation of VMs Hypervisor Guest … Traditional Virtualization AMD Secure Encrypted Virtualization Hypervisor Guest Guest
- 9. 9 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | SEV ARCHITECTURE
- 10. 10 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | AMD SECURE ENCRYPTED VIRTUALIZATION DETAILS Address Space ID (ASID) determines VM encryption key ‒ Maximum supported key can be obtained through Fn8000_001F[CX] ‒ ASID is tagged with all data within the SoC ‒ ASID determines encryption key to use when data enters/leaves SoC HW and Guest page tables determine if a page is “private” or “shared” ‒ Instruction code pages always “private” ‒ Guest page tables always “private” ‒ Data pages can be “private” (C=1) or “shared” (C=0) depending on page tables ‒ Before CR4.PAE=1, all pages are “private” All DMA must occur to “shared” pages Example use: all guest pages are “private” except for DMA pages
- 11. Key Management
- 12. 12 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | AMD SECURE ENCRYPTED VIRTUALIZATION KEY MANAGEMENT Firmware executes on the AMD Secure Processor ‒ Isolated from x86 software Communicates with x86 software ‒ Mailbox registers ‒ Shared memory buffers Assists hypervisor in VM lifecycle ‒ Generates and manages encryption keys ‒ Bootstraps memory encryption during guest launch ‒ Prepares guest memory image for transmission before migration (or snapshot) ‒ Receives guest memory image after migration (or snapshot) Enforces guest policy ARCHITECTURE Hypervisor SEV Firmware MMIO Registers X86 Processor AMD Security Processor DRAM Command Buffer Memory Controller Keys
- 13. 13 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | AMD SECURE ENCRYPTED VIRTUALIZATION MANAGEMENT API Launch API’s - LAUNCH_START, LAUNCH_UPDATE, LAUNCH_FINISH - ACTIVATE, DEACTIVATE, DECOMISSION Migration and Snapshot API’s - SEND_START, SEND_UPDATE and SEND_FINISH Debugging API’s - GUEST_STATUS, DBG_DECRYPT, DBG_ENCRYPT Platform Key/Certificates management API’s - PSP_INIT, PSP_SHUTDOWN, PLATFORM_STATUS, FACTORY_RESET - PDH_EXPORT, PDH_GEN - PEK_GEN, PEK_IMPORT Reference: Secure Encrypted Virtualization Key Management
- 14. Integration
- 15. 15 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | INTEGRATION Key Management API ‒ Add support for calling launch guests, migrate guests, etc into Xen kernel. ‒ Unwrap and encrypt guests for execution ‒ Wrap/unwrap guest memory pages for migration ‒ Invoke AMD Secure Processor driver to perform communication with the AMD Secure Processor (Dom0) ‒ Update virtualization tools (libxl, libvirt, etc.) ‒ Initialize platform ‒ Store and provide guest key material ‒ Return guest measurements
- 16. 16 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | INTEGRATION Key Management API ASID Management ‒ AMD Secure Encrypted Virtualization guests must have the same ASID for all vCPUs ‒ Requires TLB flush if a different vCPU for the same ASID is to be run on the same host CPU ‒ AMD Secure Encrypted Virtualization guests must have an ASID value within specified range ‒ AMD Secure Encrypted Virtualization ASID range obtained through CPUID instruction ‒ Non-AMD Secure Encrypted Virtualization guests can use any ASID ‒ Should use a value outside the AMD Secure Encrypted Virtualization ASID range to avoid reducing available AMD Secure Encrypted Virtualization resources
- 17. 17 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | INTEGRATION Key Management API ASID Management Debug Support ‒ Controlled through guest policy ‒ Allows for QEMU to encrypt/decrypt guest memory ‒ Maintains compatibility with current debug techniques
- 18. 18 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | INTEGRATION Key Management API ASID Management Debug Support Next Step ‒ Start discussion on Xen-devel mailing list ‒ Send Xen SME RFC
- 19. 19 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | SOFTWARE SUMMARY AMD is developing ‒ AMD Secure Processor firmware to implement key management tasks (distributed in AGESA) ‒ Signed by AMD, source not public ‒ Xen Hypervisor modification and Guest kernel modification ‒ Open source Other major components ‒ Linux kernel support for AMD Secure Memory Encryption and AMD Secure Encrypted Virtualization ‒ RFC patches have been sent to LKML
- 20. 20 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | REFERENCES Whitepapers (http://developer.amd.com/resources/documentation-articles/articles-whitepapers/) ‒ AMD Memory Encryption – Overview of AMD Secure Memory Encryption and AMD Secure Encrypted Virtualization features Manuals/Specifications (http://developer.amd.com/resources/documentation-articles/developer-guides- manuals/) ‒ AMD64 Architecture Programmer’s Manual Volume 2: System Programming (sections 7.10 and 15.34) ‒ Secure Encrypted Virtualization Key Management
- 21. 21 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | Thank You!
- 22. 22 | AMD MEMORY ENCRYPTION | XEN SUMMIT 2016 | DISCLAIMER & ATTRIBUTION The information presented in this document is for informational purposes only and may contain technical inaccuracies, omissions and typographical errors. The information contained herein is subject to change and may be rendered inaccurate for many reasons, including but not limited to product and roadmap changes, component and motherboard version changes, new model and/or product releases, product differences between differing manufacturers, software changes, BIOS flashes, firmware upgrades, or the like. AMD assumes no obligation to update or otherwise correct or revise this information. However, AMD reserves the right to revise this information and to make changes from time to time to the content hereof without obligation of AMD to notify any person of such revisions or changes. AMD MAKES NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE CONTENTS HEREOF AND ASSUMES NO RESPONSIBILITY FOR ANY INACCURACIES, ERRORS OR OMISSIONS THAT MAY APPEAR IN THIS INFORMATION. AMD SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE. IN NO EVENT WILL AMD BE LIABLE TO ANY PERSON FOR ANY DIRECT, INDIRECT, SPECIAL OR OTHER CONSEQUENTIAL DAMAGES ARISING FROM THE USE OF ANY INFORMATION CONTAINED HEREIN, EVEN IF AMD IS EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ATTRIBUTION © 2016 Advanced Micro Devices, Inc. All rights reserved. AMD, the AMD Arrow logo and combinations thereof are trademarks of Advanced Micro Devices, Inc. in the United States and/or other jurisdictions. Other names are for informational purposes only and may be trademarks of their respective owners. 1. AMD Secure Processor (formerly “Platform Security Processor” or “PSP”) is a dedicated processor that features ARM TrustZone® technology, along with a software-based Trusted Execution Environment (TEE) designed to enable third-party trusted applications. AMD Secure Processor is a hardware- based technology which enables secure boot up from BIOS level into the TEE. Trusted third-party applications are able to leverage industry-standard APIs to take advantage of the TEE’s secure execution environment. Not all applications utilize the TEE’s security features. AMD Secure Processor is currently only available on select AMD A-Series and AMD E-Series APUs. GD-72