Google, AMD Release Security Audit of Epyc Processors Used in Google Cloud’s Confidential Computing

An unusual partnership between Google and AMD may offer a blueprint for how the tech industry can better tackle processor security risks before they spiral out of control. The only problem? The setup requires an equally rare level of trust, which may be hard for other companies to replicate.

On Tuesday, Google Cloud is releasing a detailed audit of AMD’s confidential computing tech produced in a collaboration between Google’s Project Zero bug-hunting group, two teams within Google Cloud Security, and AMD’s firmware group. The audit follows years of Google Cloud putting increasing emphasis on its offerings for Confidential Computing—a suite of capabilities that keep customers’ data encrypted at all times, even during processing. The stakes are high, as customers increasingly depend on the privacy and security protections conferred by these services and the physical infrastructure underlying them, which is built on special, secure processors from AMD. An exploitable vulnerability in Confidential Computing could be disastrous.

Flaws in how processors are designed and implemented pose massive risks, turning widely used chips into single points of failure in the computers, servers, and other devices in which they’re installed. Vulnerabilities in specialized security chips have particularly dire potential ramifications because these processors are designed to be immutable and provide a “root of trust” that all the other components of a system can rely on. If hackers can exploit a flaw in security chips, they can poison a system at that root and potentially gain undetectable control. So AMD and Google Cloud have developed an unusually close-knit partnership over more than five years to collaborate on auditing the Epyc processors used in Google Cloud’s sensitive infrastructure and attempting to plug as many holes as possible. 

“When we find something and know that the safety is getting better, that’s the best,” says Nelly Porter, group product manager of Google Cloud. “It’s not pointing fingers, it’s combined effort to fix things. Adversaries have unbelievable capability, and their innovation is growing, so we need not only to catch up but to get ahead of them.”

Porter underscores that the partnership with AMD is unusual because the two companies have been able to build up enough trust that the chipmaker is willing to let Google’s teams analyze closely guarded source code. Brent Hollingsworth, AMD’s director of the Epyc software ecosystem, points out that the relationship also creates space for pushing the boundaries on what types of attacks researchers are able to test. For example, in this audit, Google security researchers used specialized hardware to mount physical attacks against AMD technology, an important and valuable exercise that other chipmakers are increasingly focusing on as well, but one that goes beyond the traditional security guarantees chipmakers offer.