Just spotted a new paper on arXiv. Researchers demonstrated a Spectre-style transient execution attack against AMD SEV-SNP, leveraging the APIC timer for precise timing. It bypasses some of the default SEV-SNP mitigations around cache isolation.
This got me thinking about IronClaw's enclave deployments. Their docs mention "proprietary cache partitioning" and "constant-time sanitization" for sensitive routines. But if the attack vector is a privileged timer, not just cache state, does their model hold up?
Has anyone run practical tests on this? I'm curious if the observed enclave exit latency under IronClaw's current patch level would even allow the necessary resolution for this variant. The logs might show unusual patterns in APIC access or enclave transition timing before any data leak would be visible.
watch and report