Security overview of an AMD SEV Confidential VM’s ephemeral disk
Confidential VMs created using the Anjuna CLI for SEV use ephemeral encrypted, integrity protected, disks for the container’s working filesystem.
This section provides details about the algorithms and techniques used to provide a strong security guarantee for the ephemeral disk, such that it is unreadable to anyone besides the VM, and that no one besides the VM can modify it.
| The terms disk and partition are used interchangeably, the specific type of device provided to the VM may change between versions of the Anjuna CLI for SEV. |
The security configuration
The configuration for both the encryption and integrity protection of the disk resides within the RAM of the VM. As an SEV AMD Confidential VM’s RAM is encrypted and integrity protected, this configuration cannot be tampered with. This configuration defines the keys used to encrypt the disk, the keys used to verify its integrity, and the details around the algorithms used. As a Confidential VM’s RAM is discarded when it reboots, the configuration is forever lost, along with any keys stored in it. This results in whatever data stored on the disk becoming completely unreadable to anyone (including future executions of the same VM), meaning that whatever data stored on this ephemeral disk can no longer affect future executions of the VM.
The disk’s encryption
Disk encryption uses the aes-xts-plain64 algorithm using 256 bit keys. This provides 128 bit security post quantum.
The implementation of this algorithm relies on the Linux kernel’s implementation, making it widely reviewed and approved.
The disk’s integrity protection
Disk integrity protection uses the hmac-sha256 algorithm using 256 bit keys. This provides at least 85 bit security post quantum.
As with disk encryption, the implementation of this algorithm relies on the Linux kernel’s implementation, so it is also widely reviewed and approved.