KVM With Linux 5.11 Brings AMD SEV-ES Host Support

Written by Michael Larabel in Virtualization on 20 December 2020 at 06:03 AM EST.
The KVM (Kernel-based Virtual Machine) changes were sent in today for the Linux 5.11 cycle.

Exciting among these KVM changes, for what will be the first major Linux release of 2021, is support for AMD SEV-ES on the host side. Linux has already seen bring-up work for AMD SEV-ES, the Secure Encrypted Virtualization Encrypted State functionality.


SEV-ES builds off the base AMD SEV to also encrypt CPU register contents when exiting a virtual machine to ensure there is no register information leakage to the hypervisor. SEV-ES can also detect malicious modifications to the CPU register state. AMD and others have been working on the SEV-ES support for a while and with Linux 5.11 there is the host-side support with KVM for this more advanced SEV functionality found with EPYC processors.
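For administrators who want to confirm that a host is actually ready for SEV-ES guests, the following is an added example, not code from the article or from the kernel developers. It reads the `sev_es` CPU flag from `/proc/cpuinfo` and the `sev_es` parameter of the `kvm_amd` module; the function name and status strings are made up for this illustration, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the article): classify a KVM host's SEV-ES readiness.
# Both paths are parameters so the check also runs against saved copies.

# sev_es_status [cpuinfo_file] [kvm_amd_param_dir]
# Prints: no-cpu-support | module-not-loaded | no-param | disabled | enabled
sev_es_status() {
    ses_cpuinfo="${1:-/proc/cpuinfo}"
    ses_params="${2:-/sys/module/kvm_amd/parameters}"

    # The CPU has to advertise the sev_es feature flag. -w matches the whole
    # flag name, not a substring of some longer flag.
    if ! grep -m1 '^flags' "$ses_cpuinfo" 2>/dev/null | grep -qw 'sev_es'; then
        echo "no-cpu-support"; return 0
    fi
    # kvm_amd publishes its settings here only while the module is loaded.
    if [ ! -d "$ses_params" ]; then
        echo "module-not-loaded"; return 0
    fi
    # A kvm_amd build without host-side SEV-ES has no sev_es parameter.
    if [ ! -r "$ses_params/sev_es" ]; then
        echo "no-param"; return 0
    fi
    # The value reads as 1 or Y when enabled, depending on kernel version.
    case "$(cat "$ses_params/sev_es")" in
        1|Y|y) echo "enabled" ;;
        *)     echo "disabled" ;;
    esac
}

# Constructed sample data, so the example runs on any machine.
demo_dir="$(mktemp -d)"
mkdir -p "$demo_dir/params"
printf 'flags\t\t: fpu vme svm sme sev sev_es\n' > "$demo_dir/cpuinfo"
printf '1\n' > "$demo_dir/params/sev_es"
echo "sample host: $(sev_es_status "$demo_dir/cpuinfo" "$demo_dir/params")"
rm -rf "$demo_dir"
```

Calling `sev_es_status` with no arguments checks the live host instead of the sample files.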

In addition to the KVM SEV-ES support, other x86 (x86_64) changes include a feature flag for AVX-512 FP16, reporting dirty pages to user-space via a ring buffer, a new ioctl to report Microsoft Hyper-V compatible para-virtualization features, and more.

KVM on the ARM side is also seeing a number of improvements, including new exception injection code, simplified AArch32 system register state handling, exposing CSV3 on non-Meltdown hosts, and more. The list of KVM changes for Linux 5.11 is available via this pull.