Fabricked: Misconfiguring Infinity Fabric to Break AMD SEV-SNP
Key takeaways
- Fabricked is a software-based attack on AMD SEV-SNP, presented at USENIX Security 2026.
- A malicious hypervisor manipulates Infinity Fabric memory routing so that redirected memory transactions deceive the secure co-processor (PSP) into initializing SEV-SNP improperly.
- The attacker then gains arbitrary read and write access to the CVM address space, breaking SEV-SNP's core security guarantees.
Misconfiguring Infinity Fabric to Break AMD SEV-SNP (USENIX Security 2026)
Confidential computing allows cloud tenants to offload sensitive computations and data to remote resources without having to trust the cloud service provider. Hardware-based trusted execution environments such as AMD SEV-SNP achieve this by creating Confidential Virtual Machines (CVMs). With Fabricked, we present a novel software-based attack that manipulates memory routing to compromise AMD SEV-SNP. By redirecting memory transactions, a malicious hypervisor can deceive the secure co-processor (PSP) into initializing SEV-SNP incorrectly. This lets the attacker perform arbitrary read and write accesses within the CVM address space, breaking SEV-SNP's core security guarantees.
Standard cloud environments expose tenant computation and data in use to potentially untrusted cloud service providers. Confidential computing addresses this with Confidential Virtual Machines (CVMs): hardware-shielded environments that isolate active workloads and are meant to keep their data in use confidential from the host. Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) is the AMD hardware extension that enables CVMs on AMD server CPUs.