“In a perfect world, the [Trusted Computer Base] would be bug-free; in reality, the complexity of modern systems makes continuous assessment essential. Collaborative reviews allow industry leaders to proactively fix vulnerabilities while fostering transparency for everyone who relies on the technology,” Google researchers wrote.
The main problem arose when using Live Migration to move a secure instance – referred to as a Trust Domain (TD) — from one physical machine to another physical machine by changing its attributes from “migratable” to “debug,” the researchers said.
Once triggered, the entire decrypted TD state is accessible from the host. At this point a malicious host could construct another TD with the decrypted state or perform live monitoring activities.
This vulnerability and four others found by Google’s team were patched by Intel in the most recent version of the TDX Module code for Xeon processors. TDX Module code is part of the firmware, so fixes are a part of a firmware update.
In addition to the five significant fixes, Google researchers found 35 less critical code weaknesses and bugs, which are expected to be addressed in future TDX Module code updates.
