Google, AMD Release Security Test for Epyc Processors Used in Confidential Google Cloud Computing

An unusual partnership between Google and AMD could provide a blueprint for how the tech industry can better address processor security risks before they spiral out of control. The only problem? The setup requires a rare level of trust, which can be difficult for other companies to replicate.

On Tuesdays, Google Cloud is liberate, release, free one detailed audit AMD’s secret computer technology produced in collaboration with Google Project Zero bug hunting team, two in Google Cloud Security and AMD’s firmware team. The testing comes after years of Google Cloud’s growing emphasis on its services for Confidential Computing — a set of capabilities keep customer data always encrypted, even during processing. The stakes are high, as customers increasingly depend on the privacy and security protections provided by these services and the physical infrastructure underlying them, built on AMD’s special, secure processor. An exploitable vulnerability in Confidential Calculus could be a disaster.

Mistakes in the design and implementation of processors pose great risks, turning widely used chips into single point of failure in computers, servers and other devices on which they are installed. Vulnerabilities in specialized Guard chips have particularly serious ramifications because these processors are designed to be immutable and provide the “root of trust” that all other components of the system can rely on. If hackers can exploit a vulnerability in the security chip, they can poison the system at that root and potentially gain undetectable control. So AMD and Google Cloud have developed an unusually close partnership over 5 years to collaborate to test Epyc . processors is used in sensitive Google Cloud infrastructure and tries to close as many vulnerabilities as possible.

“When we find something and know that the level of security just keeps getting better, that’s for the best,” said Nelly Porter, group product manager for Google Cloud. “It’s not pointing fingers, it’s a concerted effort to fix things. Competitors have unbelievable capabilities, and their innovation is on the rise, so we need to not only catch up, but stay ahead of them.”

Porter emphasized that the partnership with AMD was unusual because the two companies were able to build enough confidence that the chipmaker was willing to let Google’s teams analyze the closely guarded source code. Brent Hollingsworth, director of AMD’s Epyc software ecosystem, points out that this relationship also creates space to push the boundaries of what types of attacks researchers can test. For example, in this test, Google security researchers used specialized hardware to perform physical attacks against AMD technology, an important and valuable exercise. other chip manufacturers are also increasingly focused on, but one thing beyond the traditional security guarantees that chipmakers provide.