Tag Archives: AMD Secure Processor

Google Cloud Confidential VM With 2nd Gen AMD EPYC!

Google recently introduced Confidential Computing, with Confidential VM as the first product, and it’s powered by 2nd Gen AMD EPYC!

Here’s an overview of Confidential Computing and Confidential VM, and how they leverage the 2nd Gen AMD EPYC processor!

 

Google Cloud Confidential Computing : What Is It?

Google Cloud encrypts customer data while it’s “at-rest” and “in-transit”. But that data must be decrypted before it can be processed.

Confidential Computing addresses that problem by encrypting data in-use – while it’s being processed. This ensures that data is kept encrypted while in memory and outside the CPU.

 

Google Cloud Confidential VM, Powered By 2nd Gen AMD EPYC

The first product that Google is unveiling under its Confidential Computing portfolio is Confidential VM, now in beta.

Confidential VM basically adds memory encryption to the existing suite of isolation and sandboxing techniques Google Cloud uses to keep their virtual machines secure and isolated.

This will help customers, especially those in regulated industries, to better protect sensitive data by further isolating their workloads in the cloud.

Google Cloud Confidential VM : Key Features

Powered By 2nd Gen AMD EPYC

Google Cloud Confidential VM runs on N2D series virtual machines powered by the 2nd Gen AMD EPYC processors.

It leverages the Secure Encrypted Virtualisation (SEV) feature in 2nd Gen AMD EPYC processors to keep VM memory encrypted with a dedicated per-VM instance key.

These keys are generated and managed by the AMD Secure Processor inside the EPYC processor during VM creation, and reside only inside the VM – making them inaccessible to Google, or any other virtual machines running on the host.

Your data will stay encrypted while it’s being used, indexed, queried, or trained on. Encryption keys are generated in hardware, per virtual machine and are not exportable.
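
A guest-side check that SEV memory encryption is actually active, as an added example (not code from Google or AMD): it scans the Linux kernel log for the memory-encryption announcement, whose wording differs between kernel releases. The sample log lines are constructed for illustration.

```python
import re

# Newer kernels list the active features on one line; the "AMD " prefix
# moved from before "Memory" to the start of the feature list over time.
_FEATURE_LINE = re.compile(
    r"(?:AMD )?Memory Encryption Features active:\s*(?P<features>.+)$"
)
# Older kernels print a single fixed sentence instead.
_LEGACY_SEV = "AMD Secure Encrypted Virtualization (SEV) active"


def active_encryption_features(kernel_log_lines):
    """Return the set of memory-encryption features the kernel reports."""
    features = set()
    for raw in kernel_log_lines:
        line = raw.strip()
        if _LEGACY_SEV in line:
            features.add("SEV")
            continue
        match = _FEATURE_LINE.search(line)
        if match:
            tokens = match.group("features").split()
            features.update(t for t in tokens if t != "AMD")
    return features


def guest_memory_is_sev_encrypted(kernel_log_lines):
    """True only if an SEV variant is active; host-side SME does not count."""
    return any(f.startswith("SEV") for f in
               active_encryption_features(kernel_log_lines))


# Constructed sample lines in the style of `dmesg` output.
LEGACY_GUEST = ["[    0.170000] AMD Secure Encrypted Virtualization (SEV) active"]
NEWER_GUEST = ["[    0.210000] Memory Encryption Features active: AMD SEV SEV-ES"]
SME_ONLY_HOST = ["[    0.190000] AMD Memory Encryption Features active: SME"]
PLAIN_VM = ["[    0.000000] Linux version (constructed sample line)"]

if __name__ == "__main__":
    for label, log in [("legacy guest", LEGACY_GUEST),
                       ("newer guest", NEWER_GUEST),
                       ("SME-only host", SME_ONLY_HOST),
                       ("plain VM", PLAIN_VM)]:
        print(label, guest_memory_is_sev_encrypted(log))
```

A kernel log is only the guest's own report; it confirms the guest booted with encryption enabled, not who holds the key.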

Confidential VM Performance

Google Cloud worked together with the AMD Cloud Solution team to minimise the performance impact of memory encryption on workloads.

They added support for new OSS drivers (nvme and gvnic) to handle storage traffic and network traffic with higher throughput than older protocols, thus ensuring that a Confidential VM will perform almost as fast as a non-confidential VM.

Easy Transition

According to Google, transitioning to Confidential VM is easy – all Google Cloud Platform (GCP) workloads can readily run as a Confidential VM whenever you want to.

Available OS Images

In addition to the hardware-based inline memory encryption, Google built Confidential VM on top of Shielded VM, to harden your OS image and verify the integrity of your firmware, kernel binaries and drivers.

Google currently offers images of Ubuntu v18.04, Ubuntu 20.04, Container Optimized OS (COS v81), and RHEL 8.2.

They are currently working with CentOS, Debian and other distributors to offer additional OS images for Confidential VM.

 


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


How AMD CPUs Work In A Secured-core PC Device!

Microsoft just announced their partnership with AMD, Intel and Qualcomm to protect the PC’s firmware and operating system through the Secured-core PC initiative.

With help from Akash Malhotra, AMD Director of Security Product Management, here is everything you need to know about how AMD CPUs work in a Secured-core PC device!

 

What Is A Secured-core PC Device?

Secured-core PC is a new Microsoft initiative that they just announced. In partnership with their hardware partners, they aim to create a specific set of requirements for devices that are meant for secure use.

These requirements will apply the best practices in data security – isolation and minimal trust in the firmware layer and the device core that underpins the Windows operating system.

Secured-core PC devices are targeted at industries like financial services, government and healthcare, and anyone who works with valuable IP, customer or personal data. They would also be useful for persons of interest, who would be high-value targets for hackers and nation-state attackers.

Recommended : The Microsoft Secured-core PC Initiative Explained!

 

What Security Features Are Already In AMD CPUs?

Before we look at how AMD CPUs work in a Secured-core PC device, let’s take a look at what security features they ship with :

SKINIT: The SKINIT instruction helps create a “root of trust” starting with an initially untrusted operating mode. SKINIT reinitializes the processor to establish a secure execution environment for a software component called the secure loader (SL) and starts execution of the SL in a way that helps prevent tampering. SKINIT extends the hardware-based root of trust to the secure loader.

Secure Loader (SL): The AMD Secure Loader (SL) is responsible for validating the platform configuration by interrogating the hardware and requesting configuration information from the DRTM Service.

AMD Secure Processor (ASP): AMD Secure Processor is dedicated hardware available in each SOC which helps enable secure boot up from BIOS level into the Trusted Execution Environment (TEE). Trusted applications can leverage industry-standard APIs to take advantage of the TEE’s secure execution environment.

AMD-V with GMET: AMD-V is a set of hardware extensions to enable virtualization on AMD platforms. Guest Mode Execute Trap (GMET) is a silicon performance acceleration feature added in next gen Ryzen which enables the hypervisor to efficiently handle code integrity checks and help protect against malware.

 

How AMD CPUs Work In A Secured-core PC Device

In a Secured-core PC powered by an AMD CPU, the firmware and bootloader will initialise, and shortly after, the system will transition into a trusted state with the hardware forcing the firmware down a well-known and measured code path.

That means the firmware is authenticated and measured by the security block in the AMD CPU, and that measurement is stored securely in TPM for verification and attestation by the operating system.

At any point after that, the operating system can request that the AMD security block remeasure and compare the firmware against the old values, before executing further operations. This way, the operating system can help verify the integrity of the system over time.

In AMD processors, the firmware protection is handled by the AMD Dynamic Root of Trust Measurement (DRTM) Service Block that is made up of SKINIT CPU instruction, ASP and the AMD Secure Loader (SL).

This block is responsible for creating and maintaining a chain of trust between components by performing these functions:

  • Measure and authenticate firmware and bootloader
  • Gather the following system configuration for the OS, which will in turn validate them against its security requirements and store information for future verification.
    • Physical memory map
    • PCI configuration space location
    • Local APIC configuration
    • I/O APIC configuration
    • IOMMU configuration / TMR Configuration
    • Power management configuration
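
The measure, store and re-measure cycle described above, modelled as an added example (not AMD's or Microsoft's code) with a TPM-style extend operation. It assumes a SHA-256 register that starts at zero; the component names and byte strings are constructed stand-ins for firmware, bootloader and configuration data.

```python
import hashlib

PCR_SIZE = 32  # assumption: SHA-256 measurement register


def measure_chain(components):
    """Measure (name, blob) pairs in launch order.

    Each step is new = SHA-256(old || SHA-256(blob)), so the final value
    depends on every component and on the order they were measured in.
    """
    pcr = bytes(PCR_SIZE)
    log = []
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        pcr = hashlib.sha256(pcr + digest).digest()
        log.append((name, digest))
    return pcr, log


def log_matches_register(log, pcr):
    """Replay an event log; it is trustworthy only if it reproduces pcr."""
    value = bytes(PCR_SIZE)
    for _, digest in log:
        value = hashlib.sha256(value + digest).digest()
    return value == pcr


def remeasure_and_compare(baseline_pcr, baseline_log, current_components):
    """Re-measure and report what differs from the stored baseline."""
    current_pcr, current_log = measure_chain(current_components)
    if current_pcr == baseline_pcr:
        return []
    known = dict(baseline_log)
    findings = []
    for pos, (name, digest) in enumerate(current_log):
        if name not in known:
            findings.append(f"unexpected:{name}")
        elif known[name] != digest:
            findings.append(f"modified:{name}")
        elif pos >= len(baseline_log) or baseline_log[pos][0] != name:
            findings.append(f"reordered:{name}")
    present = {name for name, _ in current_log}
    findings += [f"missing:{n}" for n, _ in baseline_log if n not in present]
    return findings


# Constructed sample launch sequence (hypothetical names and contents).
BASELINE = [
    ("firmware", b"constructed firmware image v1"),
    ("bootloader", b"constructed bootloader image v1"),
    ("secure_loader", b"constructed secure loader image"),
    ("iommu_config", b"constructed IOMMU / TMR settings"),
]

if __name__ == "__main__":
    pcr, log = measure_chain(BASELINE)
    tampered = [(n, b + b"!") if n == "bootloader" else (n, b)
                for n, b in BASELINE]
    print(remeasure_and_compare(pcr, log, BASELINE))   # intact
    print(remeasure_and_compare(pcr, log, tampered))   # modified bootloader
```

Because only the register value is protected by hardware, a verifier replays the event log against it before believing any individual log entry.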

 

AMD SMM Supervisor

Although the method above protects the firmware, AMD points out that the System Management Mode (SMM) also needs to be protected.

SMM is a special-purpose x86 CPU mode that handles power management, hardware configuration, thermal monitoring, etc. Because SMM code executes in the highest privilege level and is invisible to the operating system, it is an attractive target for attackers.

To help isolate SMM, AMD introduced a security module called AMD SMM Supervisor that will :

  • Block SMM from being able to modify Hypervisor or OS memory. An exception is a small coordinate communication buffer between the two.
  • Prevent SMM from introducing new SMM code at run time
  • Block SMM from accessing DMA, I/O, or registers that can compromise the Hypervisor or OS

 



Radeon Pro Software Enterprise Edition 18.Q2 Tech Report

The new AMD Radeon Pro Software Enterprise Edition 18.Q2 driver is here! It is a mouthful, to be sure! Find out what’s new in the Radeon Pro Software Enterprise Edition 18.Q2 driver, and how it delivers enterprise-grade quality and reliability, and better performance, for professional applications!

Updated @ 2018-05-13 : Added more details and links.

Originally posted @ 2018-05-11

 

AMD Radeon Pro Software Enterprise Edition 18.Q2

AMD Radeon Pro Software is a professional-grade driver that lets you maximise the performance and capabilities of AMD Radeon Pro graphics solutions. The Enterprise Edition is a special version of the Radeon Pro Software that emphasises enterprise-grade quality and reliability.

The new Radeon Pro Software Enterprise Edition 18.Q2 is now certified for over 100 workstation applications, including leading professional applications like Autodesk AutoCAD, Dassault Systèmes CATIA, Siemens NX, Adobe Premiere Pro, Avid Media Composer, and Autodesk Maya.


What’s New In Enterprise Edition 18.Q2

AMD releases the Radeon Pro Software Enterprise Edition in quarterly updates. Here is what’s new in the Enterprise Edition 18.Q2 driver :

Support for Windows 10 April 2018 Update

Microsoft released the Windows 10 April 2018 Update at the end of April with a slew of new and improved features. Radeon Pro Software Enterprise Edition 18.Q2 adds enterprise-level support for Windows 10 April 2018, so you don’t have to worry about post-upgrade reliability issues.

Display Issues Fixed In Enterprise Edition 18Q2

  • Radeon Pro Overlay will now appear when you run two monitors in clone mode.
  • Fixed display issues for full-screen 3×2 AMD Eyefinity Pro display configurations.

VDI-Specific Known Issues With Enterprise Edition 18Q2

  • VM may disconnect after upgrading to this driver, and will be unable to connect until it is rebooted.
  • The energy subtest of SPECviewperf 12.1.1 may not complete in an MxGPU environment.

Feature Support Information

  • Driver Options is available on Microsoft Windows 10. Always update to the latest gaming drivers to mitigate driver switching issues. This is not available with multi-GPU configurations nor with Radeon Pro Duo (Polaris). This is not available for mobile platforms.
  • Multi-GPU Eyefinity Pro on Microsoft Windows 10 is not currently supported on any hardware for Radeon Pro Software Enterprise Edition 18.Q2.

ISV Certification Notes

  • Due to Maya-MtoA software issue Trac #3142, some Viewport Draw modes for stand-ins draw an infinite line. Workaround is to toggle the Viewport Draw Mode of the stand-in in the Attribute Editor.
  • Autodesk Maya 2017/2018 may show a gray patch in playback in certain models due to Maya issue Maya 41945. Workaround is to click on a different frame on the timeline or to click on the first frame.

Apple Boot Camp

The AMD Radeon Pro Software Enterprise Edition 18Q2 is not intended for use on Radeon GPUs running in Apple Boot Camp.

 

Enterprise Edition 18.Q2 Compatibility

AMD Product Family : Model

Radeon Pro WX Series
  • Radeon Pro WX 9100 (16 GB | 32 GB)
  • Radeon Pro WX 7100
  • Radeon Pro WX 5100
  • Radeon Pro WX 4100
  • Radeon Pro WX 3100
  • Radeon Pro WX 2100

Radeon Vega Frontier Edition
  • Radeon Vega Frontier Edition (Air | Liquid)

Radeon Pro Series
  • Radeon Pro SSG
  • Radeon Pro Duo (Polaris & Fiji)

FirePro W Series
  • FirePro W9100 (16 GB | 32 GB)
  • FirePro W9000
  • FirePro W8100
  • FirePro W8000
  • FirePro W7100
  • FirePro W7000
  • FirePro W5100
  • FirePro W5000
  • FirePro W4300
  • FirePro W4100
  • FirePro W2100
  • FirePro W600

FirePro S Series
  • FirePro S7150x2
  • FirePro S7150
  • FirePro S7100X
  • All other FirePro S series products

Dell Mobile
  • Radeon Pro WX7100
  • Radeon Pro WX4150
  • Radeon Pro WX4130
  • FirePro W7170M
  • FirePro W5170M
  • FirePro W5130M
  • FirePro W4170M
  • FirePro M6100
  • FirePro M6000
  • FirePro M5100
  • FirePro M4000

HP Mobile
  • Radeon Pro WX4170
  • Radeon Pro WX4150
  • Radeon Pro WX3100
  • FirePro W6150M
  • FirePro W5170M
  • FirePro W4190M

 

Download Radeon Pro Software Enterprise Edition 18.Q2

Radeon Pro Software Enterprise Edition 18.Q2 is free to download and use for compatible AMD graphics solutions. It is available for the following operating systems :

  • Windows 10 (64-bit and 32-bit)
  • Windows 7 SP1 or better (64-bit and 32-bit)
  • Windows Server 2016 (64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Linux

You can download the drivers here.


Key Features Of Enterprise Edition 18.Q2 Part 1

Enterprise-Grade Quality

To deliver enterprise-grade quality and reliability, every Radeon Pro Software Enterprise Edition driver undergoes a stringent stability testing process. This process consists of “waves” of testing by both AMD and their OEM partners. Such extensive pre-launch testing helps to minimize post-launch issues.

Thanks to OEM and ISV partner tests and a final wave of beta user tests, there were zero reported issues with the Enterprise Edition driver in 2017 for over 99.99% of AMD Radeon Pro users. These tests are not limited to only a few professional software vendors.

The Radeon Pro Software Enterprise Edition drivers are certified on over 80 of the leading professional applications. The last 18.Q1 Enterprise Edition driver even scored a 100% pass rate for all the certifications AMD submitted it to.

Better Security

Data security is an oft-neglected aspect in the pursuit of better performance. That has led to major security flaws like Meltdown and Spectre. Look at the thousands of CPU models that were affected by just those two flaws.

Working with the AMD Secure Processor, Radeon Pro Software Enterprise Edition 18Q2 delivers advanced security features to help thwart malicious attacks, giving enterprises added protection for their valuable intellectual property.

The Radeon Pro Software Enterprise Edition also provides secure virtualization capabilities through the AMD MxGPU Technology. Because it is hardware virtualization technology, it offers users a dedicated and isolated share of the graphics memory for increased security.

AMD offers a predictable quarterly release schedule, that targets the 2nd Wednesday of the 2nd month of each quarter. This makes it easier for IT managers to plan for their next driver update, with the next Enterprise Edition release scheduled for August 8th, 2018.


Key Features Of Enterprise Edition 18.Q2 Part 2

Better Performance

Alexander Blake-Davies, Software Product Marketing Specialist for Professional Graphics at AMD’s Radeon Technology Group, shared these performance findings with us.

The continuous performance optimizations in every Radeon Pro Software driver update, thanks in part to the close technology partnerships we have with ISV application developers, means you can get new GPU-like performance improvements over the lifetime of your graphics investment, as shown in the chart below.

For the Radeon Pro Software Enterprise Edition 18.Q2 driver we are delivering significant performance improvements in Dassault Systèmes CATIA. The 18Q2 driver is up to 38% faster when running AMD’s internal benchmark of complex customer models and up to two times faster with the AMD internal assembly model benchmark.

For design and manufacturing applications, the 18.Q2 Enterprise Edition driver when compared to the Radeon Pro Software Enterprise Driver 17Q2 is up to an estimated 47% faster in Siemens NX when tested with SPECviewperf 12.1 snx-02, up to an estimated 14% faster in PTC Creo when tested with SPECapc for PTC Creo 3.0, and up to an estimated 12% faster in SOLIDWORKS when tested with SPECapc for SOLIDWORKS 2015.

For media and entertainment applications, the 18.Q2 Enterprise Edition driver when compared to the Radeon Pro Software Enterprise Driver 17Q2 is up to an estimated 44% faster in Autodesk 3ds Max when tested with SPECapc for Autodesk 3ds Max 2015 and up to an estimated 22% faster in Autodesk Maya when tested with SPECapc for Autodesk Maya 2017.


New Radeon ProRender Plug-Ins

While not technically part of the Radeon Pro Software Enterprise Edition 18.Q2 driver, AMD also introduced updated versions of the Radeon ProRender plug-ins for 3ds Max, Maya and Blender. Following the release of new macOS versions in April, AMD has just released :

  • updated Windows and Linux versions of the Radeon ProRender plug-in for Blender,

  • an updated Windows version of the Radeon ProRender plug-in for Maya, as well as,

  • an updated Radeon ProRender plug-in for 3ds Max.

These plug-ins introduce several new features and enhancements including updates to the Uber and Light Shaders, support for volumetrics and interactive denoising – accelerating artists’ workflows and ultimately making their lives easier.


AMD RyzenFall, MasterKey, Fallout, Chimera Mitigation Guide

The recently-discovered RyzenFall, MasterKey, Fallout and Chimera security flaws affecting AMD’s latest processor platforms are ruining the AMD Ryzen 2 pre-launch vibes. So it’s no surprise to see AMD working hard to fix the vulnerabilities.

In this article, we will share with you the latest AMD mitigation options for the RyzenFall, MasterKey, Fallout and Chimera security vulnerabilities.

 

What’s Really Affected?

While it is accurate to say that the AMD Ryzen and AMD EPYC processors are affected by RyzenFall, MasterKey, Fallout and Chimera, these vulnerabilities do not affect the actual processor cores. Neither are they related to the Zen microarchitecture.

This makes them completely different from the Meltdown and Spectre vulnerabilities that have been “built into” over 2,800 CPU models!

Instead, the new RyzenFall, MasterKey, Fallout and Chimera security vulnerabilities are found in:

  • the AMD Secure Processor (integrated into the new Ryzen and EPYC processors), and
  • the AMD Promontory chipsets that are paired with Ryzen and Ryzen Pro desktop processors.

The AMD Promontory chipset is used in many Socket AM4 desktop, and Socket TR4 high-end desktop (HEDT) platforms.

AMD EPYC, Ryzen Embedded, and Ryzen Mobile platforms do not use the Promontory chipset.

 

The AMD RyzenFall, MasterKey, Fallout + Chimera Mitigations

RyzenFall + Fallout

Issue : An attacker with administrative access can write to the AMD Secure Processor (PSP) registers to exploit vulnerabilities in the interface between the x86 processor core and AMD Secure Processor.

Impact : The attacker can circumvent security controls to install difficult-to-detect malware in the x86 System Management Mode (SMM). The access is not persistent across reboots.

Planned Mitigations : AMD will issue AMD Secure Processor firmware patches through BIOS updates in coming weeks. No performance impact is expected.

MasterKey (PSP Privilege Escalation)

Issue : An attacker with administrative access can write malicious firmware updates, without the AMD Secure Processor (PSP) detecting the “corruption”.

Impact : The attacker can circumvent security controls to install difficult-to-detect malware. These changes are persistent, even following a system reboot.

Planned Mitigations : AMD will issue AMD Secure Processor firmware patches through BIOS updates in coming weeks. No performance impact is expected.

Chimera

Issue : An attacker with administrative access can install a malicious driver to access certain features in the AMD Promontory chipset.

Impact : The attacker can access physical memory through the Promontory chipset. The attacker can also install difficult-to-detect malware in the chipset, but this is not persistent across reboots.

Planned Mitigations : AMD will issue chipset patches through BIOS updates in coming weeks. No performance impact is expected.

 
