Confidential virtual machines (CVMs) using AMD SEV-SNP or Intel TDX change the threat model for data at rest, so the protections traditionally provided by dm-crypt/LUKS need to be re-evaluated. A malicious host with read/write access to the storage can mount several attacks: breaking confidentiality directly by comparing multiple ciphertext snapshots; stealing the encryption key by impersonating the sealing environment using the vTPM's public SRK; unlocking the volume in an unsafe environment by reproducing the expected PCR values with an OS image the host controls; corrupting data undetectably, since dm-crypt provides no integrity protection by default; replaying previously recorded ciphertext blocks; and analysing storage access patterns as a side channel. Mitigations discussed include unified kernel images (UKIs) with a hardened initramfs, PCR boot-stage barriers (PCR12/13/14), authenticated disk encryption, and preserving cryptographic evidence of the environment that performed the encryption. Replay attacks and side-channel attacks currently lack good mitigations in Linux.
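The two storage properties the summary contrasts, undetectable corruption in plain dm-crypt versus detection with authenticated encryption, and the fact that per-sector authentication still does not catch replay of a stale but genuine block, can be seen in a small simulation. The code below is an added illustration, not code from the original article or from cryptsetup/dm-crypt. It models a sector store with a toy keystream cipher (HMAC-SHA256 in counter mode) so that it runs with the standard library only; a real volume uses XTS, whose corruption pattern differs (a flipped ciphertext bit scrambles a whole 16-byte block rather than one plaintext bit), but the detection behaviour, which is the point here, is the same. The keys, sector number and record contents are constructed for the demo.

```python
import hashlib
import hmac


def _keystream(enc_key: bytes, sector: int, length: int) -> bytes:
    """Per-sector keystream from a PRF (HMAC-SHA256 in counter mode).

    Toy stand-in for a real disk-encryption mode such as XTS; it models only
    the property relevant here: the cipher by itself does not detect tampering.
    """
    out = b""
    counter = 0
    while len(out) < length:
        block_id = sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block_id, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_sector(enc_key: bytes, sector: int, plaintext: bytes) -> bytes:
    ks = _keystream(enc_key, sector, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


decrypt_sector = encrypt_sector  # XOR keystream: encryption and decryption coincide


def tag_sector(mac_key: bytes, sector: int, ciphertext: bytes) -> bytes:
    """Per-sector authentication tag bound to the sector number and ciphertext."""
    return hmac.new(mac_key, sector.to_bytes(8, "big") + ciphertext, hashlib.sha256).digest()


class PlainDmCrypt:
    """Models dm-crypt without dm-integrity: the disk holds ciphertext only."""

    def __init__(self, enc_key: bytes):
        self.enc_key = enc_key
        self.disk = {}  # sector -> ciphertext; the host can read/write this freely

    def write(self, sector: int, plaintext: bytes) -> None:
        self.disk[sector] = encrypt_sector(self.enc_key, sector, plaintext)

    def read(self, sector: int) -> bytes:
        return decrypt_sector(self.enc_key, sector, self.disk[sector])


class AuthenticatedDmCrypt:
    """Models authenticated disk encryption: every sector carries a tag that is
    checked on read, in the spirit of dm-crypt on top of dm-integrity."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key = enc_key
        self.mac_key = mac_key
        self.disk = {}  # sector -> (ciphertext, tag)

    def write(self, sector: int, plaintext: bytes) -> None:
        ct = encrypt_sector(self.enc_key, sector, plaintext)
        self.disk[sector] = (ct, tag_sector(self.mac_key, sector, ct))

    def read(self, sector: int) -> bytes:
        ct, tag = self.disk[sector]
        if not hmac.compare_digest(tag, tag_sector(self.mac_key, sector, ct)):
            raise IOError(f"integrity failure on sector {sector}")
        return decrypt_sector(self.enc_key, sector, ct)


def flip_bit(data: bytes, bit: int) -> bytes:
    """Return a copy of `data` with one bit flipped (models silent media corruption)."""
    b = bytearray(data)
    b[bit // 8] ^= 1 << (bit % 8)
    return bytes(b)


def try_read(volume, sector: int):
    """Read a sector and report whether the volume refused it."""
    try:
        return True, volume.read(sector)
    except IOError:
        return False, None


def demo() -> dict:
    enc_key, mac_key = b"\x01" * 32, b"\x02" * 32  # constructed demo keys
    sector, original = 7, b"balance=1000;flag=0"  # constructed record
    results = {}

    # 1. Plain dm-crypt: a corrupted ciphertext bit decrypts without complaint
    #    to something other than what was written.
    plain = PlainDmCrypt(enc_key)
    plain.write(sector, original)
    plain.disk[sector] = flip_bit(plain.disk[sector], 8 * (len(original) - 1))
    ok, data = try_read(plain, sector)
    results["plain_corruption_detected"] = not ok
    results["plain_returns_original"] = data == original

    # 2. Authenticated encryption: the same corruption is refused on read.
    auth = AuthenticatedDmCrypt(enc_key, mac_key)
    auth.write(sector, original)
    ct, tag = auth.disk[sector]
    auth.disk[sector] = (flip_bit(ct, 8 * (len(original) - 1)), tag)
    ok, _ = try_read(auth, sector)
    results["auth_corruption_detected"] = not ok

    # 3. Replay: a stale (ciphertext, tag) pair is genuine, so per-sector
    #    authentication without freshness accepts it and returns old data.
    auth.write(sector, original)
    stale = auth.disk[sector]  # snapshot taken from the backing store
    auth.write(sector, b"balance=0000;flag=1")
    auth.disk[sector] = stale  # backing store reverted to the snapshot
    ok, data = try_read(auth, sector)
    results["auth_replay_detected"] = not ok
    results["auth_replay_returns_stale"] = data == original
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Case 3 is why the summary lists replay as unmitigated: a tag binds ciphertext to a key and a sector number but not to a point in time, so detecting replay needs state the host cannot roll back (a monotonic counter or a root hash kept in the guest's trusted environment), which the stock dm-crypt/dm-integrity stack does not provide.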