alt.hn

5/17/2026 at 10:23:30 PM

Fabricked: Misconfiguring Infinity Fabric to Break AMD SEV-SNP

 https://xca-attacks.github.io/fabricked/

by negura

5/18/2026 at 1:10:10 AM

There are microcode updates for this already https://www.amd.com/en/resources/product-security/bulletin/a...

by eggnet

5/18/2026 at 1:28:55 AM

but is it possible to verify that the cloud provider has applied the update?

by negura

5/18/2026 at 1:53:36 AM

Yes, it is. You do have to have some infrastructure you trust somewhere to validate an attestation report from the confidential VM.

by eggnet

5/18/2026 at 1:39:41 AM

/proc/cpuinfo shows the current microcode version

by nvme0n1p1

5/18/2026 at 2:24:00 AM

i don't think the information that unprivilleged VMs can obtain from that is necessarily reliable. for example with Xen as hypervisor only dom0 is privilleged (as management console for the system) and still it needs to call dedicated tooling in order to read or manage CPU features like clock speed or frequency scaling

by negura

5/17/2026 at 11:16:51 PM

I wonder how much more expensive it is to rent the whole physical machine at all times for confidential computing purposes, compared to the losses incurred by a breach.

by nine_k

5/18/2026 at 12:44:53 AM

The premise of attestation is supposed to be that you can use hardware even though it's in the physical possession of someone you don't trust. It's a terrible idea, because vulnerabilities are found on a regular basis and the party you're not supposed to be trusting is then already in possession of your sensitive data when the next one is published. The premise should be abandoned and the parties attempting to get anyone to rely on it should be lampooned and run out of town.

Not having a multi-tenant system is something else. There you're trying to be protected from other customers, not the provider. Excluding other tenants still wouldn't protect you against the provider, especially on systems with proprietary and potentially exploitable ring -1 hardware they could already be silently in control of even when the entire machine is allocated to you.

Meanwhile for anything on the scale of an organization, having physical possession of the machine yourself isn't that expensive. People got hoodwinked when virtualization first came around because they compared the cost of having a mostly-idle physical server for each of their applications to having that many cloud VMs, and the cloud VMs were cheaper, but that isn't the right comparison. You don't compare having 100 physical machines to having 100 VMs, even if people used to use 100 physical machines for that in 2005. You compare it to having three physical machines that can each run 100 VMs, and then having physical possession of your own hardware is frequently less expensive.

by AnthonyMouse

5/18/2026 at 4:07:29 AM

It's actually several times cheaper to rent a whole physical machine than to rent a single Amazon VM of equivalent compute power.

by tardedmeme

5/18/2026 at 4:19:39 AM

Unless you want that whole machine to support IAM/VPC/EBS/etc and have proximity to your other VMs.

by wmf

5/18/2026 at 4:25:05 AM

Yeah I mean sunk cost fallacy, right? If you’ve already hit critical mass in AWS of course you’re going continue investing in it.

If I were to be CTO of a brand new company today, I’d probably just colocate my own servers with K8S. Much cheaper and much lower latency. 2x 1TB RAM servers with 3x 8TB high speed U.2/U.3 drives each would last years.

by nullpoint420

5/18/2026 at 4:38:48 AM

With sufficiently defined lease contracts it should be possible to price out the used machine risk from a new machine... Hmm

by oakwhiz

5/18/2026 at 12:14:19 AM

A lot more expensive and this is required for any classified data. I honestly don't think you can truly securely share a CPU with a hostile tenant because their are just too many side-channels.

by UltraSane

5/18/2026 at 12:29:40 AM

A hostile tenant is insufficient if you read the summary. You need a malicious hypervisor (ie your cloud provider) or a way to escape the sandbox and attack the hypervisor. Both attacks are highly unlikely in practice

by vlovich123

5/18/2026 at 1:51:59 AM

Requires an already compromised hypervisor / UEFI. Yawn.

by procone

5/18/2026 at 2:11:09 AM

The only purpose of SEV is to protect a guest against the person who controls the hypervisor.

So this is a threat against SEV.

by Borealid

5/18/2026 at 12:38:25 AM

What purpose does the "news" of finding another way to break "confidential computing" serve, other than proliferate the incorrect assumption that there even was a working concept beforehand?

by edelbitter

5/18/2026 at 2:38:13 AM

I guess the reason you provided is the answer to the question.

by stingraycharles

5/18/2026 at 12:30:50 AM

More evidence that "confidential computing" is just a trick to convince people to hand over control of their computing to "someone else's machine". Never trusted the clown, and never will.

by userbinator

5/18/2026 at 12:36:28 AM

A vulnerability is a trick? All complex systems have them, but eventually they will all be formally verified and secure. Progress marches on. Unless you’d rather make your own processors along with the moonshine in your shed, of course.

by 7e

5/18/2026 at 12:47:57 AM

If there is a vulnerability in a system you control, you can mitigate it until it can be patched, or if necessary disable access to it until it can be patched.

If there is a vulnerability in a system controlled by an untrusted party that already has your sensitive data on it, you're pwned.

by AnthonyMouse