pith. sign in
Pith Number

pith:HADBMCIY

pith:2026:HADBMCIYL6GRKKZQ2NLXHCBHHS
not attested not anchored not stored refs resolved

Insecure Despite Proven Updated: Extracting the Root VCEK Seed on EPYC Milan via a Software-Only Attack

Muyan Shen, Yu Qin

Software-only attack extracts the root VCEK seed on EPYC Milan, allowing forgery of any SEV-SNP attestation report.

arxiv:2605.12990 v1 · 2026-05-13 · cs.CR

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?
Add to your LaTeX paper 
\usepackage{pith}
\pithnumber{HADBMCIYL6GRKKZQ2NLXHCBHHS}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

This end-to-end attack chain enables an adversary to forge valid attestation reports for any firmware version, thereby effectively undermining the security model of SEV-SNP.

C2weakest assumption

The fuse controller on EPYC Milan lacks write restrictions that would prevent extraction of the hardware root seed once code execution is achieved on the secure processor.

C3one line summary

A software-only exploit extracts the root VCEK seed on EPYC Milan by first gaining code execution on the secure processor and then bypassing fuse write restrictions.

References

56 extracted · 56 resolved · 0 Pith anchors

[1] Advanced Micro Devices 2020
[2] Using SEV with AMD EPYC Processors, 2023 2023
[3] SEV Secure Nested Paging - Firmware ABI Specification Revision 1.58,
[4] https://www.amd.com/content/dam/amd/en /documents/epyc-technical-docs/specificat ions/56860.pdf
[5] Versioned Chip Endorse- ment Key (VCEK) Certificate and KDS Interface Spec- ification, 2025 2025
Receipt and verification
First computed 2026-05-18T03:09:00.543825Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

38061609185f8d152b30d3577388273c9e602f8d1250c9dd19c3b0c9658ed9f0

Aliases

arxiv: 2605.12990 · arxiv_version: 2605.12990v1 · doi: 10.48550/arxiv.2605.12990 · pith_short_12: HADBMCIYL6GR · pith_short_16: HADBMCIYL6GRKKZQ · pith_short_8: HADBMCIY
Agent API
Resolver JSON Graph JSON Events JSON Schema Signing key
Verify this Pith Number yourself 
curl -sH 'Accept: application/ld+json' https://pith.science/pith/HADBMCIYL6GRKKZQ2NLXHCBHHS \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 38061609185f8d152b30d3577388273c9e602f8d1250c9dd19c3b0c9658ed9f0
Canonical record JSON 
{
  "metadata": {
    "abstract_canon_sha256": "4485eda39765700fd11391480dc2ae00e86e6f042d704eed593cfd6782d77612",
    "cross_cats_sorted": [],
    "license": "http://arxiv.org/licenses/nonexclusive-distrib/1.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-05-13T04:40:23Z",
    "title_canon_sha256": "2c12de4697d7aae9f3495310d570752e58d66707cdc00e64799602cefe59ed39"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.12990",
    "kind": "arxiv",
    "version": 1
  }
}