ahoi-attacks / heckler

Breaking Confidential VMs with Malicious Interrupts (USENIX Security 2024)

Home Page:https://ahoi-attacks.github.io/heckler/


Heckler


Getting Started

Build the host and guest kernels as well as the VMM (QEMU and OVMF) inside a Docker container.

# On your Host
cd ./docker
./docker-build.sh
./docker-run.sh

# In the container
./build.sh --package

This builds the host kernel, the guest kernel, QEMU and OVMF for your host machine. On a successful build, the binaries are placed in heckler-snp-release-<DATE>.

# On your Host
cd heckler-snp-release-<DATE>
sudo ./install.sh

Prepare Host

Follow the Prepare Host instructions to set up your host for SEV-SNP. We recommend the following additional kernel arguments (add them to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub, then run update-grub and reboot). transparent_hugepage=never disables transparent huge pages, rcupdate.rcu_cpu_stall_suppress=1 silences RCU CPU stall warnings and nmi_watchdog=0 disables the hard-lockup detector. These settings exist for the experimental setup and are not hardening; do not carry them over to a production host.

GRUB_CMDLINE_LINUX_DEFAULT="transparent_hugepage=never rcupdate.rcu_cpu_stall_suppress=1 nmi_watchdog=0"

We ran our experiments on an AMD 4th-gen EPYC 9124 16-core processor. Any other AMD SEV-SNP-capable processor should work as well, provided SEV-SNP is enabled in the BIOS and the host kernel exposes it.
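The following script is an added example and is not part of the heckler repository. It checks a kernel command line for the three recommended arguments and probes a host for SEV-SNP support. The sysfs and device paths it inspects (the sev_snp CPU flag in /proc/cpuinfo, /sys/module/kvm_amd/parameters/sev_snp and /dev/sev) are assumptions about a current AMD host kernel, not taken from the page; the sample command line is constructed.

```shell
#!/bin/sh
# Added example (not code from the heckler project): verify the kernel
# arguments recommended above and probe the host for SEV-SNP support.
# The /proc, /sys and /dev paths below are assumptions about an AMD host
# kernel with SNP support, not facts stated on the page.

REQUIRED_ARGS="transparent_hugepage=never rcupdate.rcu_cpu_stall_suppress=1 nmi_watchdog=0"

# missing_args CMDLINE: print each recommended argument absent from CMDLINE,
# one per line. Returns 0 if nothing is missing, 1 otherwise.
missing_args() {
    cmdline="$1"
    rc=0
    for arg in $REQUIRED_ARGS; do
        # Match whole tokens only, so "nmi_watchdog=0x" does not count.
        case " $cmdline " in
            *" $arg "*) ;;
            *) printf '%s\n' "$arg"; rc=1 ;;
        esac
    done
    return $rc
}

# snp_host_status: report whether the running host exposes SEV-SNP.
# Returns 0 when every check passes, 1 otherwise. Only meaningful on the
# real host; it is not exercised by the offline sample below.
snp_host_status() {
    ok=0
    if grep -q -w sev_snp /proc/cpuinfo 2>/dev/null; then
        echo "cpu: sev_snp flag present"
    else
        echo "cpu: sev_snp flag missing (SNP disabled in BIOS or unsupported CPU)"
        ok=1
    fi
    # Assumption: kvm_amd exposes sev_snp as a module parameter on SNP kernels.
    p=/sys/module/kvm_amd/parameters/sev_snp
    if [ -r "$p" ] && grep -qiE '^(Y|1)$' "$p"; then
        echo "kvm_amd: sev_snp=$(cat "$p")"
    else
        echo "kvm_amd: sev_snp not enabled (module not loaded or kvm_amd.sev_snp=0)"
        ok=1
    fi
    if [ -c /dev/sev ]; then
        echo "/dev/sev: present (PSP driver loaded)"
    else
        echo "/dev/sev: missing (ccp driver not loaded or no PSP)"
        ok=1
    fi
    return $ok
}

# Constructed sample command line that lacks nmi_watchdog=0.
SAMPLE_CMDLINE="BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro transparent_hugepage=never rcupdate.rcu_cpu_stall_suppress=1"

if [ "${1:-}" = "--host" ]; then
    echo "Checking /proc/cmdline:"
    missing_args "$(cat /proc/cmdline)" \
        || echo "add the above to GRUB_CMDLINE_LINUX_DEFAULT, run update-grub and reboot"
    snp_host_status
else
    echo "Constructed sample cmdline is missing:"
    missing_args "$SAMPLE_CMDLINE" || true
fi
```

Run it with no arguments to see the offline sample, or with --host on the SEV-SNP machine after rebooting into the installed kernel; a non-zero exit from snp_host_status means the guest will not launch as an SNP VM regardless of how QEMU is invoked.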

VM Image

Create an Ubuntu 22.04 or 23.10 guest image in qcow2 format. See the ./run.sh script for how the image is passed to QEMU.

Attack

Companion Repositories:

These repositories are downloaded during project build.

CVEs
