AMD Secure Encrypted Virtualization Updated For Linux

Written by Michael Larabel in AMD on 24 July 2017 at 09:07 PM EDT.
While AMD's new Epyc processors have a new "Secure Encrypted Virtualization" feature, the support isn't yet mainlined in the Linux kernel but is getting closer.

Brijesh Singh of AMD today published the third revision to the patches implementing Secure Encrypted Virtualization for the Linux kernel. SEV allows for encrypting the memory contents of a guest VM using a unique key for each guest. As Singh further describes, "SEV guests have concept of private and shared memory. Private memory is encrypted with the guest-specific key, while shared memory may be encrypted with hypervisor key. Certain type of memory (namely instruction pages and guest page tables) are always treated as private. Due to security reasons all DMA operations inside the guest must be performed on shared memory."

Secure Encrypted Virtualization builds upon Secure Memory Encryption (SME), another new feature to AMD Epyc and another yet-to-be-mainlined feature. The latest SME patches can be found here.

Hopefully SME and SEV will be ready for merging come the Linux 4.14 cycle, as it's now too late for 4.13. Those fortunate enough to have their hands on Epyc can find the latest patches via this kernel mailing list post.