for readers missing the significance of the number 4 in the proof of concept: to demonstrate this vulnerability the researchers created a microcode update which replaces the “hardware” random number generator behind the RDRAND instruction with an implementation of xkcd#221 😭
Didn’t think anyone was gonna get back to me on this, thanks Tiddy.
If you had ring 0 on the bare metal, isn’t it safe to assume that anything that bare metal has, including installed vms is also compromised or easily compromisable?
I’m not too knowledgeable on security yet but this interested me
I thought the same, looks like AMD is trying to introduce something to limit that access (ie allow potentially compromised hosts run trusted VMs).
Probably to make VPS’ more attractive to security focused divisions.