When using AMD SEV, Since the whole secure VM RAM is encrypted, if there are two users A and B logged onto the same secure VM (e.g. SSH) is user A (e.g. with root privileges) able to dump the content of the VM memory and this way to reveal the content of the B's data in use which is processed in that VM (RAM for both users should be encrypted with the same key)?
If the answer to 1. is yes, then: virtualization software provides a console access to the VMs which allows cloud provider to operate the VMs. Is this then the way cloud provider can have the access to the encrypted VM and see the users data in memory and bypass the protection? How can the user of the secure VM be sure that there is no such side entry into his/her VM?