A cloud operator such as Google can take a snapshot of a normal VM. This includes CPU state, RAM and disk. This can then be copied to another physical machine and resumed there. Or it can be analyzed off-line, and any crypto keys in memory or in the CPU state can be extracted.
This means that if you do not trust your cloud VM provider (maybe your cloud VM provider is owned by your worst competitor), you should not process confidential data on those VMs.
https://cloud.google.com/confidential-computing seems to use AMD’s Secure Encrypted Virtualization which includes hardware RAM encryption: https://developer.amd.com/sev/
If the RAM is encrypted, it will make it harder to use attacks like https://rambleed.com/
But will it also protect against Google?
It seems the RAM is encrypted with a key, that lives in the CPU. But is this key included when Google takes a snapshot of the CPU state of the VM?
In theory I could see it work like this: The CPU has a small web server with a TLS certificate signed by AMD. I access the web server, verify AMD’s certificate, and now I have a secure connection to the CPU that Google cannot access.
Then I give the CPU a secret key to encrypt RAM with. Then I give it a disk image encrypted with the same key. Then I boot the VM.
If the secret key physically cannot leave the CPU, then it should be impossible for Google to access my data: the RAM is encrypted, and data to the disk and to the network is encrypted. So I need not trust the RAM, the storage, or the network. It will, however, also mean Google cannot snapshot my VM and restore it on another CPU.
This would also mean that this answer is outdated: https://security.stackexchange.com/a/215927/84564
Currently I see no way to do something similar to verifying the AMD certificate in Google’s current solution. And thus I see no way to securely set a key that Google does not have access to.
Can Google take a snapshot of a running confidential computing VM and restore it?
Using AMD’s SEV, can the CIA safely process their most secret data on North Korea’s confidential cloud (assuming they have that) without North Korea being able to access the data – assuming that AMD is trustworthy, but all other hardware apart from the CPU is made in North Korea?
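The flow the question sketches (verify a CPU key certified by AMD, wrap a RAM key to that CPU, then let the CPU encrypt RAM with a key that never leaves it) can be simulated end to end. The following is an added example written for this page; it is not code from the question, from Google, or from AMD, and it does not reflect how SEV or Google's confidential VMs actually implement attestation. It assumes a toy textbook RSA (small keys, no padding) in place of AMD's real signing scheme, an HMAC-SHA256 keystream in place of the hardware AES engine, and the hypothesised rule that the RAM key is excluded from anything a snapshot can capture. All names (`ConfidentialCpu`, `tenant_provision`, `demo`) are invented for the illustration. It shows the three consequences the question reasons about: a snapshot holds only ciphertext, a snapshot restored on a different CPU reads back as garbage, and a CPU whose certificate chains to the operator's own root rather than AMD's is refused a key.

```python
import hashlib, hmac, secrets

# Toy textbook RSA on 512-bit moduli, standing in for whatever AMD's real signing and
# attestation scheme is (the question does not detail it). Not for real use.
def _is_probable_prime(n, rounds=16):          # Miller-Rabin
    if n < 2:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c

def rsa_keygen(bits=512):
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e:
            return (n, e), (n, pow(e, -1, phi))   # (public, private)

def _rsa(key, x):      # x^exp mod n: verify/encrypt with the public key, sign/decrypt with the private
    return pow(x, key[1], key[0])

def _h(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def _ram_xor(key, page, data):
    # Toy per-page keystream (HMAC-SHA256 over the page index) standing in for SEV's AES engine;
    # pages here are at most 32 bytes.
    ks = hmac.new(key, page.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

class ConfidentialCpu:
    """Simulated CPU: an identity key certified by a root, plus a RAM key that never leaves it."""
    def __init__(self, root_priv):
        self.pub, self._priv = rsa_keygen()
        self.cert = _rsa(root_priv, _h(b"%d:%d" % self.pub))   # toy "AMD certificate"
        self._ram_key, self.ram = None, {}                     # ram: page -> ciphertext
    def provision(self, wrapped_key):
        self._ram_key = _rsa(self._priv, wrapped_key).to_bytes(32, "big")
    def write_page(self, page, data):
        self.ram[page] = _ram_xor(self._ram_key, page, data)
    def read_page(self, page):
        return _ram_xor(self._ram_key, page, self.ram[page])
    def snapshot(self):
        # Everything the operator can capture: RAM ciphertext and public identity, not _ram_key.
        return {"ram": dict(self.ram), "cpu_pub": self.pub}
    def restore(self, snap):
        self.ram = dict(snap["ram"])

def tenant_provision(amd_root_pub, cpu_pub, cpu_cert):
    """Tenant side of the flow: check the CPU cert against the AMD root, then wrap a fresh RAM key."""
    if _rsa(amd_root_pub, cpu_cert) != _h(b"%d:%d" % cpu_pub):
        raise ValueError("CPU key is not certified by the AMD root; refusing to send a key")
    ram_key = secrets.token_bytes(32)
    return ram_key, _rsa(cpu_pub, int.from_bytes(ram_key, "big"))

def demo(secret=b"TOP SECRET"):
    amd_root_pub, amd_root_priv = rsa_keygen()
    cpu_a, cpu_b = ConfidentialCpu(amd_root_priv), ConfidentialCpu(amd_root_priv)
    _, wrapped = tenant_provision(amd_root_pub, cpu_a.pub, cpu_a.cert)
    cpu_a.provision(wrapped)
    cpu_a.write_page(0, secret)
    snap = cpu_a.snapshot()                            # the operator takes a snapshot
    leaks = snap["ram"][0] == secret or "ram_key" in snap
    _, wrapped_b = tenant_provision(amd_root_pub, cpu_b.pub, cpu_b.cert)
    cpu_b.provision(wrapped_b)                         # genuine CPU, but its own RAM key
    cpu_b.restore(snap)
    elsewhere = cpu_b.read_page(0)                     # garbage, not the secret
    _, operator_root_priv = rsa_keygen()               # operator forges its own "root"
    impostor = ConfidentialCpu(operator_root_priv)
    try:
        tenant_provision(amd_root_pub, impostor.pub, impostor.cert)
        rejected = False
    except ValueError:
        rejected = True
    return {"read_back": cpu_a.read_page(0), "snapshot_leaks": leaks,
            "restored_elsewhere": elsewhere, "impostor_rejected": rejected}

if __name__ == "__main__":
    print(demo())
```

The design point worth noticing is that everything hinges on the tenant's check in `tenant_provision`: if the tenant cannot verify that the key it is talking to chains to AMD, the operator can stand up a CPU (or a software emulation of one) with its own root and receive the RAM key, which is exactly the gap the question raises about the current offering.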