AMD Secure Encrypted Virtualization technologies enable confidential computing by protecting virtual machines from highly privileged software such as hypervisors. In this work, we develop the first, comprehensive symbolic model of the software interface of the latest SEV iteration called SEV Secure Nested Paging (SEV-SNP). Our model covers remote attestation, key derivation, page swap and live migration. We analyze the security of the software interface of SEV-SNP by verifying critical secrecy, authentication, attestation and freshness properties, and find that the platform-agnostic nature of messages exchanged between SNP guests and the AMD Secure Processor firmware presents a weakness of the design. We show multiple ways of exploiting this weakness, including the compromise of attestation report integrity, and suggest slight modifications to the design which let third parties detect guest migrations to vulnerable platforms

翻译：AMD安全加密虚拟化技术通过保护虚拟机免受诸如虚拟机监控器等高权限软件的攻击，实现了机密计算。在本工作中，我们首次开发了最新一代SEV迭代（即SEV安全嵌套分页，SEV-SNP）软件接口的完整符号模型。该模型涵盖了远程证明、密钥派生、页面交换及实时迁移。我们通过验证关键的保密性、认证、证明及新鲜度属性，分析了SEV-SNP软件接口的安全性，发现SNP客户机与AMD安全处理器固件之间交换的消息具有平台无关性，这构成了设计上的一个弱点。我们展示了利用该弱点的多种方式，包括破坏证明报告的完整性，并建议对设计进行轻微修改，以允许第三方检测客户机向易受攻击平台的迁移。