Preface: Confidential node pools use VMs backed by hardware-based Trusted Execution Environments (TEEs). An AMD SEV-SNP Confidential VM denies the hypervisor and other host management code access to the VM's memory and state, adding defense-in-depth against operator access.
Background: The SNP firmware may exist in two states: UNINIT and INIT.
UNINIT – The platform is uninitialized. This is the reset state of the PSP firmware.
Allowed Platform Commands: SNP_INIT, SNP_PLATFORM_STATUS, DOWNLOAD_FIRMWARE, GET_ID
INIT – The platform is initialized.
Allowed Platform Commands: All SNP commands except SNP_INIT and DOWNLOAD_FIRMWARE
Ref: The behavior of the SEV-legacy commands is altered when the SNP firmware is in the INIT state. In that state, any page that an SEV-legacy command writes to must be in the Firmware or Default page state; writes to pages in any other state are to be refused.
Vulnerability details: CVE-2024-21980 – Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest’s memory or UMC seed potentially resulting in loss of confidentiality and integrity.
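To make the two rules above concrete (which platform commands each firmware state accepts, and the page-state gate that SEV-legacy writes must pass once SNP is initialized), here is a small reference-monitor model written for this note. It is an added illustration, not AMD firmware code and not a description of the actual defect. The command names SNP_INIT, SNP_PLATFORM_STATUS, DOWNLOAD_FIRMWARE and GET_ID and the Firmware/Default page states come from the text above; SNP_SHUTDOWN, its transition back to UNINIT, and the extra page states used only as rejected targets are assumptions taken from the SEV-SNP ABI and are not on this page. The `enforce=False` switch models the general class of flaw the advisory names (a write gate that is not applied), so a reader can see what the gate buys.

```python
"""Model of the SNP firmware state machine and the SEV-legacy write gate.

Added example for this note; not AMD firmware code. Names marked ASSUMED
are not on the page and are modelling assumptions.
"""
from enum import Enum, auto


class FwState(Enum):
    UNINIT = auto()   # reset state of the PSP firmware (from the page)
    INIT = auto()     # platform initialized (from the page)


class PageState(Enum):
    DEFAULT = auto()        # from the page: writable by SEV-legacy commands in INIT
    FIRMWARE = auto()       # from the page: writable by SEV-legacy commands in INIT
    HYPERVISOR = auto()     # ASSUMED extra RMP state, used only as a rejected target
    GUEST_VALID = auto()    # ASSUMED extra RMP state, modelling guest-owned memory


# Platform commands accepted while UNINIT (from the page).
UNINIT_ALLOWED = {"SNP_INIT", "SNP_PLATFORM_STATUS", "DOWNLOAD_FIRMWARE", "GET_ID"}
# Platform commands refused while INIT; everything else is accepted (from the page).
INIT_DENIED = {"SNP_INIT", "DOWNLOAD_FIRMWARE"}
# Page states an SEV-legacy command may write once SNP is INIT (from the page).
LEGACY_WRITABLE_WHEN_INIT = {PageState.DEFAULT, PageState.FIRMWARE}


class SnpPlatformModel:
    """Tracks firmware state and decides what a command may do."""

    def __init__(self) -> None:
        self.state = FwState.UNINIT
        self.log: list[str] = []   # audit trail of decisions, useful when testing a monitor

    def snp_command_allowed(self, cmd: str) -> bool:
        """Table from the page: which SNP platform commands the current state accepts."""
        if self.state is FwState.UNINIT:
            return cmd in UNINIT_ALLOWED
        return cmd not in INIT_DENIED

    def run_snp_command(self, cmd: str) -> bool:
        """Apply a platform command, moving between states where the command does so."""
        if not self.snp_command_allowed(cmd):
            self.log.append(f"DENY {cmd} while {self.state.name}")
            return False
        if cmd == "SNP_INIT":
            self.state = FwState.INIT
        elif cmd == "SNP_SHUTDOWN":          # ASSUMED: SNP_SHUTDOWN returns the platform to UNINIT
            self.state = FwState.UNINIT
        self.log.append(f"ALLOW {cmd}; now {self.state.name}")
        return True

    def legacy_write_allowed(self, target: PageState, enforce: bool = True) -> bool:
        """Gate a page write made on behalf of an SEV-legacy command.

        In UNINIT the page says legacy behaviour is unaltered, so the model
        does not restrict it. In INIT only Firmware/Default pages may be
        written. enforce=False skips the gate to model the class of flaw the
        advisory describes (improper restriction of write operations); it is
        not a claim about how the real firmware failed.
        """
        if self.state is FwState.UNINIT:
            self.log.append(f"legacy write to {target.name}: unrestricted (UNINIT)")
            return True
        if not enforce:
            self.log.append(f"legacy write to {target.name}: UNCHECKED (gate disabled)")
            return True
        ok = target in LEGACY_WRITABLE_WHEN_INIT
        self.log.append(f"legacy write to {target.name}: {'ALLOW' if ok else 'DENY'} (INIT)")
        return ok


def walk_through() -> dict[str, bool]:
    """Exercise both rules on one platform instance and return the decisions."""
    m = SnpPlatformModel()
    out = {
        "status_in_uninit": m.run_snp_command("SNP_PLATFORM_STATUS"),
        "shutdown_in_uninit": m.run_snp_command("SNP_SHUTDOWN"),   # not in the UNINIT list
        "init": m.run_snp_command("SNP_INIT"),
        "second_init": m.run_snp_command("SNP_INIT"),
        "download_fw_in_init": m.run_snp_command("DOWNLOAD_FIRMWARE"),
        "write_firmware_page": m.legacy_write_allowed(PageState.FIRMWARE),
        "write_guest_page": m.legacy_write_allowed(PageState.GUEST_VALID),
        "write_guest_page_unenforced": m.legacy_write_allowed(PageState.GUEST_VALID, enforce=False),
    }
    return out


if __name__ == "__main__":
    for name, decision in walk_through().items():
        print(f"{name}: {decision}")
```

The point of the comparison is the last two decisions: with the gate enforced, a legacy command aimed at a guest-owned page is refused; with it skipped, the same request goes through, which is the loss of confidentiality and integrity the advisory describes. On a real platform the equivalent check lives inside the PSP firmware, so the mitigation is the firmware update referenced in the bulletin, not anything a guest or tenant can configure.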
Official announcement: Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html