AMD With Upstream Linux Nears "The Ultimate Goal Of Confidential Computing"

Written by Michael Larabel in AMD on 19 March 2024 at 03:00 PM EDT.
More AMD SEV-SNP bits have now been upstreamed for the in-development Linux 6.9 kernel, putting EPYC processor support on a mainline trajectory toward "the ultimate goal of the AMD confidential computing side", which will hopefully be in great shape come Linux 6.10 later in the year.

Last week all of the AMD Secure Encrypted Virtualization (SEV) updates for targeting the Linux 6.9 kernel merge window were merged. This follows much upstreaming work over the past several years by AMD for SEV and their SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging) extensions on newer EPYC processors.

AMD Linux engineer Borislav Petkov summed up the new SEV material for Linux 6.9 as:
"Add the x86 part of the SEV-SNP host support. This will allow the kernel to be used as a KVM hypervisor capable of running SNP (Secure Nested Paging) guests. Roughly speaking, SEV-SNP is the ultimate goal of the AMD confidential computing side, providing the most comprehensive confidential computing environment up to date.

This is the x86 part and there is a KVM part which did not get ready in time for the merge window, so the latter will be forthcoming in the next cycle."

It's too bad the KVM portion of SEV-SNP host support didn't make it upstream for Linux 6.9, but from the sounds of it that part should cross the finish line with Linux 6.10 over the summer.

[Image: AMD EPYC Bergamo celebrating with sparkling wine]

AMD has long maintained the AMDESE/AMDSEV GitHub repository with their latest out-of-tree kernel code around SEV features during this long upstreaming process. Some Linux distribution vendors have also been carrying portions of these patches in their various downstream enterprise kernels, but thankfully the work has been going upstream. A look at the different AMD SEV capabilities as a reminder:

[Image: AMD SEV features (SEV, SEV-ES, SEV-SNP) overview]

So the x86/sev pull for v6.9 has landed, while for end-users and server administrators Linux 6.10 should be the notable release for those interested in this "ultimate goal of the AMD confidential computing side, providing the most comprehensive confidential computing environment up to date." Over on the Intel side, they too have been busy upstreaming all of their relevant bits around Trust Domain Extensions (TDX).