AMD Secure Encrypted Virtualization technologies enable confidential computing by protecting virtual machines from highly privileged software such as hypervisors. In this work, we develop the first, comprehensive symbolic model of the software interface of the latest SEV iteration called SEV Secure Nested Paging (SEV-SNP). Our model covers remote attestation, key derivation, page swap and live migration. We analyze the security of the software interface of SEV-SNP by verifying critical secrecy, authentication, attestation and freshness properties, and find that the platform-agnostic nature of messages exchanged between SNP guests and the AMD Secure Processor firmware presents a weakness of the design. We show multiple ways of exploiting this weakness, including the compromise of attestation report integrity, and suggest slight modifications to the design which let third parties detect guest migrations to vulnerable platforms

翻译：AMD安全加密虚拟化技术通过保护虚拟机免受诸如虚拟机监控器等高度特权软件的侵害，实现了机密计算。本研究首次建立了最新一代SEV迭代——SEV安全嵌套分页（SEV-SNP）软件接口的全面符号化模型。该模型涵盖了远程证明、密钥派生、页面交换及实时迁移。通过验证关键机密性、认证、证明和新鲜度属性，我们分析了SEV-SNP软件接口的安全性，发现SNP客户机与AMD安全处理器固件之间交换消息的平台无关性设计存在薄弱环节。我们展示了利用此弱点的多种途径，包括破坏证明报告的完整性，并提出对设计的细微修改，使第三方能够检测到客户机迁移至易受攻击的平台。