Keypoints
- Google engaged NCC Group for a 10-person-day design review of Confidential Mode for Hyperdisk (CHD) to analyze DEK protection.
- The review validated two properties: the DEK is never available unencrypted in CHD infrastructure, and it cannot be persisted or extracted from secure hardware enclaves.
- Plaintext DEK is permitted only inside the Key Management Service (KMS) HSM (for DEK generation/export and import/unwrapping) and the infrastructure node AMD SEV-ES secure enclave (for runtime use during storage access).
- NCC Group evaluated DEK handling across all disk operations including provisioning, mounting, and data read/write workflows.
- The review produced a public report available from NCC Group documenting the analysis and findings.
MITRE Techniques
- [T1552.006] Private Keys – Use of KMS/HSM to generate, export wrapped, import, and unwrap the DEK during CHD lifecycle (‘…during CHD creation (DEK is generated and exported wrapped) and DEK Installation (DEK is imported and unwrapped)’)
- [T1486] Data Encrypted for Impact – The DEK is used to encrypt data-at-rest and is involved in disk operations like provisioning, mounting, and read/write access (‘…Data Encryption Key (DEK) that encrypts data-at-rest…disk provisioning…mounting…data read/write operations’)
Indicators of Compromise
- [Domain] Documentation and architecture references – cloud.google.com (CHD and KMS/HSM documentation), amd.com (SEV-ES solution brief)
- [URL] Review/report source – https://research.nccgroup.com/2024/04/12/public-report-confidential-mode-for-hyperdisk-dek-protection-analysis/ (public NCC Group report)
During spring 2024, Google contracted NCC Group for a focused, 10-person-day design review of Confidential Mode for Hyperdisk (CHD) specifically to assess how the Data Encryption Key (DEK) is protected. The review’s objectives were to ensure the DEK is never present in unencrypted form within CHD infrastructure and cannot be persisted or extracted from hardware-protected enclaves. Evaluators traced DEK handling through the full disk lifecycle—generation, export/import (wrapped/unwrapped), provisioning, mounting, and runtime read/write operations—to verify that plaintext DEK material is limited strictly to approved enclaves.
The analysis identified two enclave types authorized to hold the DEK in plaintext: the Key Management Service (KMS) HSM, which performs DEK generation and wrapped export as well as DEK installation via import and unwrapping, and the infrastructure node AMD SEV-ES secure enclave, which accesses the DEK in-memory only while processing storage read/write operations. The report documents controls and design choices intended to prevent DEK persistence or extraction from these enclaves and evaluates how those protections operate across provisioning, mounting, and I/O paths.
The public report from NCC Group provides detailed findings and can be downloaded from the source link below.