This work identifies a critical vulnerability in AMD SEV-SNP’s software interface: its platform-agnostic message format undermines integrity and freshness guarantees in remote attestation and key derivation, enabling cross-architecture authentication bypass. To address this, we present the first end-to-end symbolic model of SEV-SNP—covering remote attestation, key derivation, page swapping, and live migration—formally specified and verified using the Dolev-Yao threat model and ProVerif. Our analysis rigorously proves the correctness of most core security properties (confidentiality, authentication, freshness, and integrity), while uncovering and modeling several practical attack vectors, including partial integrity violations in attestation reports. The results provide formally verifiable evidence for vulnerability localization and remediation, directly informing AMD’s firmware updates and interface redesign.

AMD Secure Encrypted Virtualization technologies enable confidential computing by protecting virtual machines from highly privileged software such as hypervisors. In this work, we develop the first, comprehensive symbolic model of the software interface of the latest SEV iteration called SEV Secure Nested Paging (SEV-SNP). Our model covers remote attestation, key derivation, page swap and live migration. We analyze the security of the software interface of SEV-SNP and formally prove that most critical secrecy, authentication, attestation and freshness properties do indeed hold in the model. Furthermore, we find that the platform-agnostic nature of messages exchanged between SNP guests and the AMD Secure Processor firmware presents a potential weakness in the design. We show how this weakness leads to formal attacks on multiple security properties, including the partial compromise of attestation report integrity, and discuss possible impacts and mitigations.