The work AMD put into making the Xbox One and PlayStation 4 as unhackable as possible has paid dividends for the security of its EPYC server processors. And that, in turn, will make AMD-based cloud gaming more secure going forward too. The Secure Encrypted Virtualization from its console development could become a must-have feature in the cloud, potentially making Google Stadia the most secure gaming platform ever released.
When the company was putting together the custom chips for Sony and Microsoft one of the big focuses was on how AMD could help the two console makers work through the scourge of modern times – software piracy. Okay, maybe that’s overstating it a touch, but all three companies were focused on stopping the sorts of situations where people could just nip out and buy a replacement PS3 hard drive packed to the gills with every game under the sun already installed.
The tool being used is called cryptographic isolation, a feature both the PS4 and Xbox One contain that ensures “the game developer doesn’t have to trust the person who physically controls the box,” says AMD’s Forrest Norrod.
“Previous generations of the game consoles could be hacked,” Norrod says in an interview with CRN, “and so you could go down to probably any number of places within a 10-mile radius [and] buy a 4-terabyte hard drive [with] every PlayStation 3 game ever written on that hard drive.”
The cryptographic isolation feature uses 16 keys on the previous generations of console, and is cited as the principal reason they’re tough to hack “even though they’re physically in the hands of a lot of people that would love to hack [them].”
Norrod, the man now in charge of AMD’s datacentre group, and once the head of its semi-custom division, was introduced to the semi-custom security tech on his first day on the job and immediately saw the potential outside of the game console market.
“I was like, OK, you can run a container or virtual machine on this box, and you don’t have to trust the person that physically controls the box, that’s cool,” he says. “We’re putting that in our server road map. So that’s where it came from.”
The security level that the cryptographic isolation feature offers is obviously the primary incentive, but because it was designed for a games console, where it’s important not to waste even the slightest bit of performance, the feature doesn’t slow anything down.
“It had to be highly performant,” says Norrod, “because you can’t take a performance penalty playing games. And it had to be completely secure, because the entire business model of that industry relies on licenses for selling the software.”
The feature was first introduced on the server side with the first-gen EPYC chips, as Secure Memory Encryption (SME) and for virtual machines as Secure Encrypted Virtualization (SEV). It uses a dedicated ARM co-processor embedded into the chip to isolate virtual machines from the hypervisor and from each other. At the beginning it only had 15 keys, but with the new second-gen EPYC chips that’s been massively extended to 509 keys, which means the number of virtual machines it can cover is going to be huge.
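To see how much of this a given EPYC host actually exposes, here is an added example (not from the article, and not AMD's code) that decodes CPUID leaf 0x8000001F, where AMD reports SME/SEV support and, in ECX, the number of encrypted guests the part can run at once, which is the "keys" figure discussed above. The register layout follows AMD's published definition of that leaf; the constructed test values mirror the 509-guest figure rather than any measured hardware.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define MEM_ENC_LEAF 0x8000001FU   /* AMD "Encrypted Memory Capabilities" leaf */

struct mem_enc_caps {
    bool sme;              /* EAX bit 0: Secure Memory Encryption */
    bool sev;              /* EAX bit 1: Secure Encrypted Virtualization */
    bool sev_es;           /* EAX bit 3: SEV with encrypted register state */
    unsigned cbit_pos;     /* EBX[5:0]: page-table bit that marks a page encrypted */
    unsigned phys_reduce;  /* EBX[11:6]: physical address bits consumed by the key tag */
    uint32_t max_guests;   /* ECX: encrypted guests (per-VM keys) supported at once */
    uint32_t min_asid;     /* EDX: lowest ASID usable by a plain SEV guest */
};

/* Decode the four registers returned by CPUID 0x8000001F. */
struct mem_enc_caps decode_mem_enc_caps(uint32_t eax, uint32_t ebx,
                                        uint32_t ecx, uint32_t edx)
{
    struct mem_enc_caps c;
    c.sme         = (eax >> 0) & 1u;
    c.sev         = (eax >> 1) & 1u;
    c.sev_es      = (eax >> 3) & 1u;
    c.cbit_pos    = ebx & 0x3Fu;
    c.phys_reduce = (ebx >> 6) & 0x3Fu;
    c.max_guests  = ecx;
    c.min_asid    = edx;
    return c;
}

/* Query the running CPU. Returns false when the leaf is absent (non-AMD parts,
 * or a hypervisor that hides it), so callers never decode garbage. */
bool query_mem_enc_caps(struct mem_enc_caps *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned eax, ebx, ecx, edx;
    if (__get_cpuid_max(0x80000000U, NULL) < MEM_ENC_LEAF) return false;
    if (!__get_cpuid(MEM_ENC_LEAF, &eax, &ebx, &ecx, &edx)) return false;
    *out = decode_mem_enc_caps(eax, ebx, ecx, edx);
    return true;
#else
    (void)out;
    return false;
#endif
}

int main(void)
{
    struct mem_enc_caps c;
    if (!query_mem_enc_caps(&c)) { puts("CPUID 0x8000001F not available"); return 0; }
    printf("SME=%d SEV=%d SEV-ES=%d C-bit=%u max_guests=%u min_asid=%u\n",
           c.sme, c.sev, c.sev_es, c.cbit_pos, c.max_guests, c.min_asid);
    return 0;
}
```

Inside a guest the hypervisor normally hides this leaf, so a zero or missing result there says nothing about whether the host encrypts the VM; the Linux guest kernel's own boot log is the place to confirm SEV is active.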
With AMD working as the back-end for the imminent Google Stadia game streaming service, potentially working with a vast number of virtual machines given over to anyone with a Stadia account, security is going to be absolutely vital. And SEV could ensure that Stadia becomes the most secure gaming platform ever made, and that could be a major feather in its cap when talking to publishers about exclusive titles…