AMDSEV

AMD Secure Encrypted Virtualization (by AMDESE)

AMDSEV Alternatives

Similar projects and alternatives to AMDSEV

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better AMDSEV alternative or higher similarity.

AMDSEV reviews and mentions

Posts with mentions or reviews of AMDSEV. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-11-10.
  • Mullvad: Moving our Encrypted DNS servers to run in RAM
    4 projects | news.ycombinator.com | 10 Nov 2023
    Okay, if we are switching the topic now to AMD's memory encryption, I'll bite, too.

    First: Only Ryzen PRO or EPYC models support it, which kind of kicks out all mobile or laptop systems already. Then, only Zen3 CPUs work, because previous generations have a boot freeze bug, which wasn't fixed, and upstream Linux 5.15 as a result disabled the mem encrypt flag by default.

    Second: Before you switch topic to SEV, that's only supported for EPYC models, see here [2]

    Regarding attacks: At least AMD had an injection attack problem where SEV in EPYC 7xxx and 3xxx processors was confirmed to be affected without AMD confirming the vulnerability (yet...). It was a master's thesis iirc from a guy in Luebeck.

    There are also known side-channel attacks which void RAM encryption in practice, like Hertzbleed which used frequency scaling to decrypt ECDSA and SIKE SIDH (which is meanwhile known to be insecure, at least for SIKE). [3]

    Google also did an audit on Intel's TDX where they found bugs in loop boundaries, off-by-one errors and similar feasible attack methods (which haven't been published as a PoC yet, so I grant you that). [4]

    So I would still argue that this very narrow set of available processors (Intel Pro 13th generation for TME and EPYC 7xxx that have both SME and SEV) is highly limited in its availability and also not available for laptop hardware due to them being server CPUs.

    Additionally there have been a lot of attack surfaces that have been proven to have access to SME or SEV stored keys in the CPU and there have been other side-channel attacks which conceptually are very unlikely to be fixed anytime soon.

    So I would still argue that memory encryption in practice is unreliable.

    [1] https://lists.freedesktop.org/archives/amd-gfx/2021-October/...

    [2] https://github.com/AMDESE/AMDSEV/issues/1

    [3] https://www.hertzbleed.com/

    [4] https://services.google.com/fh/files/misc/intel_tdx_-_full_r...

    Edit: found the AMD injection attack thesis:

    [01] https://www.its.uni-luebeck.de/fileadmin/files/theses/MA_Luc...

    Another attack on SEV, which was confirmed by others since the USENIX conference. Both of the techniques rely heavily on pattern matching to find the decryption oracles though, and around 16 bytes for their OpenSSH demonstrations.

    [02] https://www.its.uni-luebeck.de/fileadmin/files/theses/MA_Luc...

Stats

Basic AMDSEV repo stats
1
269
2.1
29 days ago

The primary programming language of AMDSEV is Shell.
