AMD SEV-ES Guest Support Updated With More Improvements, Rebased

Back in February came patches for AMD SEV-ES "Encrypted State" support as building off the Linux kernel's existing support for Secure Encrypted Virtualization in conjunction with AMD EPYC processors. The SEV-ES enablement work has now been revised.

The SEV "Encrypted State" patches sent out this morning are for enabling Linux to run as a guest under an SEV-ES enabled hypervisor. The encrypted state portion of SEV is about protecting the guest register state from the hypervisor, beyond the memory encrypted afforded by SEV. The CPU register state becomes encrypted by SEV-ES and cannot be accessed or modified by the hypervisor in order to fend off control-flow attacks and other similar attacks.

With the v2 patches sent out today for SEV-ES guest support, the patches have been re-based against the latest Linux 5.6 Git code, emulation of REP/MOVS instructions is now in place, other instruction handling improvements, and some bug fixes.

It's cutting close though whether the updated patches could be reviewed in time for possible inclusion in the forthcoming Linux 5.7 merge window otherwise could be pushed off until at least Linux 5.8 later in the summer before seeing this functionality in place.