{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:HADBMCIYL6GRKKZQ2NLXHCBHHS","short_pith_number":"pith:HADBMCIY","canonical_record":{"source":{"id":"2605.12990","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-13T04:40:23Z","cross_cats_sorted":[],"title_canon_sha256":"2c12de4697d7aae9f3495310d570752e58d66707cdc00e64799602cefe59ed39","abstract_canon_sha256":"4485eda39765700fd11391480dc2ae00e86e6f042d704eed593cfd6782d77612"},"schema_version":"1.0"},"canonical_sha256":"38061609185f8d152b30d3577388273c9e602f8d1250c9dd19c3b0c9658ed9f0","source":{"kind":"arxiv","id":"2605.12990","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2605.12990","created_at":"2026-05-18T03:09:00Z"},{"alias_kind":"arxiv_version","alias_value":"2605.12990v1","created_at":"2026-05-18T03:09:00Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.12990","created_at":"2026-05-18T03:09:00Z"},{"alias_kind":"pith_short_12","alias_value":"HADBMCIYL6GR","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_16","alias_value":"HADBMCIYL6GRKKZQ","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_8","alias_value":"HADBMCIY","created_at":"2026-05-18T12:33:37Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:HADBMCIYL6GRKKZQ2NLXHCBHHS","target":"record","payload":{"canonical_record":{"source":{"id":"2605.12990","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-13T04:40:23Z","cross_cats_sorted":[],"title_canon_sha256":"2c12de4697d7aae9f3495310d570752e58d66707cdc00e64799602cefe59ed39","abstract_canon_sha256":"4485eda39765700fd11391480dc2ae00e86e6f042d704eed593cfd6782d77612"},"schema_version":"1.0"},"canonical_sha256":"38061609185f8d152b30d3577388273c9e602f8d1250c9dd19c3b0c9658ed9f0","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T03:09:00.544303Z","signature_b64":"RCMDtSR0e8qU3oJPWrovgjsfLfNNos4Gdt1FgCXxfPPkpM/LrNvwCbDYzPeim4Rwa2DatXdfyffelG1WpHFBDg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"38061609185f8d152b30d3577388273c9e602f8d1250c9dd19c3b0c9658ed9f0","last_reissued_at":"2026-05-18T03:09:00.543825Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T03:09:00.543825Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2605.12990","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T03:09:00Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"IfVUmKJCnq7YGZA8GGxoU4ziekKNTulzXA7frQkZHFfDt4i8bVRv7sxY5zolH9KRGJNMAgkllDIt6hGoqGj/CA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-22T00:56:34.851414Z"},"content_sha256":"e12d8add5c09cedeffce80e0e16565d849f3044998a3d5543aaeb35f55d35cf9","schema_version":"1.0","event_id":"sha256:e12d8add5c09cedeffce80e0e16565d849f3044998a3d5543aaeb35f55d35cf9"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:HADBMCIYL6GRKKZQ2NLXHCBHHS","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Insecure Despite Proven Updated: Extracting the Root VCEK Seed on EPYC Milan via a Software-Only Attack","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"Software-only attack extracts the root VCEK seed on EPYC Milan, allowing forgery of any SEV-SNP attestation report.","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Muyan Shen, Yu Qin","submitted_at":"2026-05-13T04:40:23Z","abstract_excerpt":"In the official whitepaper of Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP), AMD explicitly emphasizes the capability to prevent Trusted Computing Base (TCB) rollback attacks. Cryptographically, this is realized by signing attestation reports with the Versioned Chip Endorsement Key (VCEK), which is derived by incorporating the TCB version into the hardware root seed.\n  In this architecture, safeguarding the hardware root seed is the ultimate line of defense. However, our research reveals that this protection is insufficient on EPYC Milan by presenting a software-only expl"},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"This end-to-end attack chain enables an adversary to forge valid attestation reports for any firmware version, thereby effectively undermining the security model of SEV-SNP.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"The fuse controller on EPYC Milan lacks write restrictions that would prevent extraction of the hardware root seed once code execution is achieved on the secure processor.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"A software-only exploit extracts the root VCEK seed on EPYC Milan by first gaining code execution on the secure processor and then bypassing fuse write restrictions.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"Software-only attack extracts the root VCEK seed on EPYC Milan, allowing forgery of any SEV-SNP attestation report.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"06c5790185aeee0f563c06554e63d0817ec9cedf1036ecd2f4a5b08df396aa19"},"source":{"id":"2605.12990","kind":"arxiv","version":1},"verdict":{"id":"3adfb7b5-35e0-4256-97f7-1d7da72cd0a8","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-14T18:24:10.240032Z","strongest_claim":"This end-to-end attack chain enables an adversary to forge valid attestation reports for any firmware version, thereby effectively undermining the security model of SEV-SNP.","one_line_summary":"A software-only exploit extracts the root VCEK seed on EPYC Milan by first gaining code execution on the secure processor and then bypassing fuse write restrictions.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"The fuse controller on EPYC Milan lacks write restrictions that would prevent extraction of the hardware root seed once code execution is achieved on the secure processor.","pith_extraction_headline":"Software-only attack extracts the root VCEK seed on EPYC Milan, allowing forgery of any SEV-SNP attestation report."},"references":{"count":56,"sample":[{"doi":"","year":2020,"title":"Advanced Micro Devices","work_id":"f9546347-f156-4ea6-aa9e-1ca7854d4ba9","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2023,"title":"Using SEV with AMD EPYC Processors, 2023","work_id":"6620c8c5-df7c-4c18-8499-7ef767834807","ref_index":2,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":null,"title":"SEV Secure Nested Paging - Firmware ABI Specification Revision 1.58,","work_id":"9a9bf53a-ec17-443e-9c29-af97b6471d5e","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":null,"title":"https://www.amd.com/content/dam/amd/en /documents/epyc-technical-docs/specificat ions/56860.pdf","work_id":"4259367a-a3f4-4bf7-9627-783c684c7f04","ref_index":4,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2025,"title":"Versioned Chip Endorse- ment Key (VCEK) Certificate and KDS Interface Spec- ification, 2025","work_id":"60f5cd0a-c719-4c9b-9dc1-999bbc2a8146","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":56,"snapshot_sha256":"5cb148881e062795063cbf9d086cfbfa46e64665a97fa8256e862e74ef725536","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":"3adfb7b5-35e0-4256-97f7-1d7da72cd0a8"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T03:09:00Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"a6Vkkek+Ukl8Spo6pdOj8fshem1zbe8j9HPlR3Wes7aifFiyCDJh+1oViWwNAHb4GqlEVR4BlJ233y74S3mDCA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-22T00:56:34.852394Z"},"content_sha256":"575855936db7abfc292cddd86175e76f6624a7ce1c13a4790cbad48f0f5336f7","schema_version":"1.0","event_id":"sha256:575855936db7abfc292cddd86175e76f6624a7ce1c13a4790cbad48f0f5336f7"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/HADBMCIYL6GRKKZQ2NLXHCBHHS/bundle.json","state_url":"https://pith.science/pith/HADBMCIYL6GRKKZQ2NLXHCBHHS/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/HADBMCIYL6GRKKZQ2NLXHCBHHS/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-22T00:56:34Z","links":{"resolver":"https://pith.science/pith/HADBMCIYL6GRKKZQ2NLXHCBHHS","bundle":"https://pith.science/pith/HADBMCIYL6GRKKZQ2NLXHCBHHS/bundle.json","state":"https://pith.science/pith/HADBMCIYL6GRKKZQ2NLXHCBHHS/state.json","well_known_bundle":"https://pith.science/.well-known/pith/HADBMCIYL6GRKKZQ2NLXHCBHHS/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:HADBMCIYL6GRKKZQ2NLXHCBHHS","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"4485eda39765700fd11391480dc2ae00e86e6f042d704eed593cfd6782d77612","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-13T04:40:23Z","title_canon_sha256":"2c12de4697d7aae9f3495310d570752e58d66707cdc00e64799602cefe59ed39"},"schema_version":"1.0","source":{"id":"2605.12990","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2605.12990","created_at":"2026-05-18T03:09:00Z"},{"alias_kind":"arxiv_version","alias_value":"2605.12990v1","created_at":"2026-05-18T03:09:00Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.12990","created_at":"2026-05-18T03:09:00Z"},{"alias_kind":"pith_short_12","alias_value":"HADBMCIYL6GR","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_16","alias_value":"HADBMCIYL6GRKKZQ","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_8","alias_value":"HADBMCIY","created_at":"2026-05-18T12:33:37Z"}],"graph_snapshots":[{"event_id":"sha256:575855936db7abfc292cddd86175e76f6624a7ce1c13a4790cbad48f0f5336f7","target":"graph","created_at":"2026-05-18T03:09:00Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":4,"items":[{"attestation":"unclaimed","claim_id":"C1","kind":"strongest_claim","source":"verdict.strongest_claim","status":"machine_extracted","text":"This end-to-end attack chain enables an adversary to forge valid attestation reports for any firmware version, thereby effectively undermining the security model of SEV-SNP."},{"attestation":"unclaimed","claim_id":"C2","kind":"weakest_assumption","source":"verdict.weakest_assumption","status":"machine_extracted","text":"The fuse controller on EPYC Milan lacks write restrictions that would prevent extraction of the hardware root seed once code execution is achieved on the secure processor."},{"attestation":"unclaimed","claim_id":"C3","kind":"one_line_summary","source":"verdict.one_line_summary","status":"machine_extracted","text":"A software-only exploit extracts the root VCEK seed on EPYC Milan by first gaining code execution on the secure processor and then bypassing fuse write restrictions."},{"attestation":"unclaimed","claim_id":"C4","kind":"headline","source":"verdict.pith_extraction.headline","status":"machine_extracted","text":"Software-only attack extracts the root VCEK seed on EPYC Milan, allowing forgery of any SEV-SNP attestation report."}],"snapshot_sha256":"06c5790185aeee0f563c06554e63d0817ec9cedf1036ecd2f4a5b08df396aa19"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"In the official whitepaper of Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP), AMD explicitly emphasizes the capability to prevent Trusted Computing Base (TCB) rollback attacks. Cryptographically, this is realized by signing attestation reports with the Versioned Chip Endorsement Key (VCEK), which is derived by incorporating the TCB version into the hardware root seed.\n  In this architecture, safeguarding the hardware root seed is the ultimate line of defense. However, our research reveals that this protection is insufficient on EPYC Milan by presenting a software-only expl","authors_text":"Muyan Shen, Yu Qin","cross_cats":[],"headline":"Software-only attack extracts the root VCEK seed on EPYC Milan, allowing forgery of any SEV-SNP attestation report.","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-13T04:40:23Z","title":"Insecure Despite Proven Updated: Extracting the Root VCEK Seed on EPYC Milan via a Software-Only Attack"},"references":{"count":56,"internal_anchors":0,"resolved_work":56,"sample":[{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":1,"title":"Advanced Micro Devices","work_id":"f9546347-f156-4ea6-aa9e-1ca7854d4ba9","year":2020},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":2,"title":"Using SEV with AMD EPYC Processors, 2023","work_id":"6620c8c5-df7c-4c18-8499-7ef767834807","year":2023},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":3,"title":"SEV Secure Nested Paging - Firmware ABI Specification Revision 1.58,","work_id":"9a9bf53a-ec17-443e-9c29-af97b6471d5e","year":null},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":4,"title":"https://www.amd.com/content/dam/amd/en /documents/epyc-technical-docs/specificat ions/56860.pdf","work_id":"4259367a-a3f4-4bf7-9627-783c684c7f04","year":null},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":5,"title":"Versioned Chip Endorse- ment Key (VCEK) Certificate and KDS Interface Spec- ification, 2025","work_id":"60f5cd0a-c719-4c9b-9dc1-999bbc2a8146","year":2025}],"snapshot_sha256":"5cb148881e062795063cbf9d086cfbfa46e64665a97fa8256e862e74ef725536"},"source":{"id":"2605.12990","kind":"arxiv","version":1},"verdict":{"created_at":"2026-05-14T18:24:10.240032Z","id":"3adfb7b5-35e0-4256-97f7-1d7da72cd0a8","model_set":{"reader":"grok-4.3"},"one_line_summary":"A software-only exploit extracts the root VCEK seed on EPYC Milan by first gaining code execution on the secure processor and then bypassing fuse write restrictions.","pipeline_version":"pith-pipeline@v0.9.0","pith_extraction_headline":"Software-only attack extracts the root VCEK seed on EPYC Milan, allowing forgery of any SEV-SNP attestation report.","strongest_claim":"This end-to-end attack chain enables an adversary to forge valid attestation reports for any firmware version, thereby effectively undermining the security model of SEV-SNP.","weakest_assumption":"The fuse controller on EPYC Milan lacks write restrictions that would prevent extraction of the hardware root seed once code execution is achieved on the secure processor."}},"verdict_id":"3adfb7b5-35e0-4256-97f7-1d7da72cd0a8"}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:e12d8add5c09cedeffce80e0e16565d849f3044998a3d5543aaeb35f55d35cf9","target":"record","created_at":"2026-05-18T03:09:00Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"4485eda39765700fd11391480dc2ae00e86e6f042d704eed593cfd6782d77612","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-13T04:40:23Z","title_canon_sha256":"2c12de4697d7aae9f3495310d570752e58d66707cdc00e64799602cefe59ed39"},"schema_version":"1.0","source":{"id":"2605.12990","kind":"arxiv","version":1}},"canonical_sha256":"38061609185f8d152b30d3577388273c9e602f8d1250c9dd19c3b0c9658ed9f0","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"38061609185f8d152b30d3577388273c9e602f8d1250c9dd19c3b0c9658ed9f0","first_computed_at":"2026-05-18T03:09:00.543825Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T03:09:00.543825Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"RCMDtSR0e8qU3oJPWrovgjsfLfNNos4Gdt1FgCXxfPPkpM/LrNvwCbDYzPeim4Rwa2DatXdfyffelG1WpHFBDg==","signature_status":"signed_v1","signed_at":"2026-05-18T03:09:00.544303Z","signed_message":"canonical_sha256_bytes"},"source_id":"2605.12990","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:e12d8add5c09cedeffce80e0e16565d849f3044998a3d5543aaeb35f55d35cf9","sha256:575855936db7abfc292cddd86175e76f6624a7ce1c13a4790cbad48f0f5336f7"],"state_sha256":"c85720322a52f3d784eb4239a59e6b932792b9754200162d50a7a44b68d62dad"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"pG9yBWfK6NRx67DnZJ0ZBtWQ2uI0Fwtp6XicLpgRdQSHnkk1DD2CwbZYqdNqUFYjsy5eDbStfwC1J73lG/t9Cw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-22T00:56:34.856120Z","bundle_sha256":"b21c4785c20aa4f3a1188293296a4918f5fed18942dd9aff441ad47c00631db0"}}