TUM Logo

Leveraging hardware-assisted TEEs to protect host secrets in an OS-level virtualization environment

Leveraging hardware-assisted TEEs to protect host secrets in an OS-level virtualization environment

Supervisor(s): Christian Epple, Felix Wruck, Dr. Michael Weiß
Status: inprogress
Topic: Others
Author: Martin Radev
Submission: 2020-11-16
Type of Thesis: Masterthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching


Protecting long-term secrets using AMD SEV

Student: Martin Radev

Advisor: Christian Epple April 30, 2020

Disk encryption provides protection against unauthorized access by having data on disk always be stored encrypted. Current disk encryption methods require that a user has to provide before or after boot a cryptographic key which is stored in the Kernel’s physical memory in plain text. The latter is necessary since the kernel is responsible for reading from and writing to disk during the its lifetime. This approach is susceptible to cold boot attacks where the unauthorized user can also read directly the physical memory to locate the cryptographic key. With the growing trend of using Non-Volatile RAM (NVRAM) this allows an attacker with physical access to steal both the physical memory and the encrypted disk, and just then scrape physical memory.

In 2016, AMD introduced the Secure Encrypted Virtualization (SEV) extension which enables the creation of Virtual Machines (VM) protected from the Hypervisor (HV) through physical memory encryption. Later AMD released the Encrypted State (SEV- ES) extension which also encrypts the VMs register state. The encrytion key used for decryption is stored in the SRAM of the Platform Security Processor (PSP) and is never accessible by the HV or the Guest. The PSP is responsible for transparently decrypting and encrypting the VMs memory when accessed by the VM. Because the PSP stores crit- ical information for the execution of the VM, The relocation of the VM to another CPU follows a multi-stage process with the collaboration of the HV and the VM user.

This goal of this Master thesis is to design and develop a Proof-of-Concept solution for storing disk encryption keys and other long terms secrets within a SEV-protected VM. With this approach, the encryption decryption of sensitive data would be delegated to the SEV-protected VM. The VM would communicate the decrypted or encrypted information back to the HV without ever disclosing the long-term secret. This design provides ad- ditional hardening against cold boot attacks since an attacker would have to extract the secret key from the VM while it is still running.

The first goal in this Master thesis is to design an interface for delegating encryption and decryption operations to a SEV-protected VM. The VM would run a supported Linux distribution and have the necessary modifications to support this work. The second goal in this Master thesis is to design a minimal kernel to run within a SEV-protected VM and handle the encryption and decryption operations. Such an approach would be interesting since it would require less memory to operate, it would reduce complexity in the VM’s kernel and would likely offer better performance.