Designed with cloud computing security in mind, AMD's Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP), which is an incredibly long and serious name to suggest how complicated it is, has recently seen a rather worrying security breach, involving RAM and a Raspberry Pi.
The SNP part of that phrase is an added security measure to SEV, which ensures those with access via a virtual machine (VM) can't access data they aren't intended to, i.e. other virtual machines. The increased data protection offered by this and its ability to scale memory to protect entire VMs has made it an attractive route for organisations over competitors like Intel's SGX.
As reported by The Register, this is all according to a paper entitled "BadRAM: Practical Memory Aliasing Attacks on Trusted Execution Environments".
In it, the researchers used a Raspberry Pi Pico to "unlock and modify DDR4 and DDR5 SPDs", where the SEV-SNP safeguard lies, to create memory aliases. These can then be used to "manipulate memory mappings and corrupt or replay ciphertext, culminating in a devastating end-to-end attack".
Once into the SDP, the Raspberry Pi can be used to disable and write protection and alter its contents. Ghost bits can then be made in the DIMM, which are "invisible to the memory controller". This can allow the controller of the Raspberry Pi to navigate software restrictions, or even enable "software-only attacks".
The Raspberry Pip Pico and DDR sockets required to do this cost "approximately $10" and can be sourced fairly easily. You will need a 7-10 V source, like a battery, but a malicious actor could get ahold of the necessary equipment with ease. If you're particularly techy, or get a little too ambitious with your hobbies, there's a chance you already have most of this gear lying around.
Where malicious actors might struggle is in gaining physical access in order to do this method. The paper also notes that two Corsair DDR4 DIMMs taken off the shelf left "the base configuration entirely unprotected, possibly exposing them to software-only BadRAM attacks." This means, rarely, you can do this method without physical access.
Importantly, the paper notes times when physical access can be possible without it being particularly strange, like a "malicious employee at a cloud service provider". Notably, this access would leave no physical trace behind.
This problem was reported to AMD, which now labels it a 5.3 (medium) severity problem, and there's a fix, too.
Companies can mitigate problems by using memory modules that entirely lock SPD, "as well as following physical security best practices". This is to say that someone shouldn't be able to get physical access in the first place, which is generally always pretty good advice—don't leave your front door unlocked.
