
AMD Secure Encrypted Virtualization Is Ready To Roll With Linux 4.16


  • Ardje
    replied
    Originally posted by arakan94 View Post
    Features like this are impossible to make without something like PSP..
    Actually I think that this feature will make hacking through PSP just to be able to snoop memory useless.
    Or things like meltdown, since your hardware will be predicting branches against encrypted memory.


  • numacross
    replied
    Originally posted by arakan94 View Post
    Features like this are impossible to make without something like PSP..
    It's one thing to have a security processor and another it being a black box of firmware with no user control.

    Make it open-source along with all the tools needed to build it by the end user. Flashable only with direct hardware access (like a switch on the motherboard to enable writing) and all the drama will go away.


  • arakan94
    replied
    Originally posted by uid313 View Post
    What good is this when AMD still have AMD Security Processor (previously Platform Security Processor) which is like Intel's Management Engine (ME) and Intel AMT and likely insecure and vulnerable too?
    Features like this are impossible to make without something like PSP..


  • Akiko
    replied
    Originally posted by Jedibeeftrix View Post
    Will this feature work in either of:
    1. AMD Threadripper
    2. Ryzen Pro
    I'm running a Threadripper with some heavy virtualization load for a while now. The UEFI has options for this, so I guess this will work on Threadripper, too. At last SME worked right from the start (you see a small RAM bandwidth drop, if activated). Also the security platform processor of the Threadripper works quite well since Linux 4.14.x (and if activated, it is off by default).


  • pal666
    replied
    Originally posted by uid313 View Post
    What good is this when AMD still have AMD Security Processor (previously Platform Security Processor) which is like Intel's Management Engine (ME) and Intel AMT and likely insecure and vulnerable too?
    your kernel is likely insecure and vulnerable, what good is it?


  • dwagner
    replied
    I understand that a "legitimate owner" of a VM can verify he is talking to a legit AMD SEV VM by checking its signature.
    But how could an AMD CPU know it is talking to a "legitimate owner" of a VM, and not some compromised hypervisor presenting the CPU an encrypted VM image it got hold of? After all, there probably are no "legitimate VM owner certificates" burned into the CPU...


  • numacross
    replied
    Originally posted by uid313 View Post
    What good is this when AMD still have AMD Security Processor (previously Platform Security Processor) which is like Intel's Management Engine (ME) and Intel AMT and likely insecure and vulnerable too?
    What good is x86 with SMM since 386SL?

    The difference with PSP is that it doesn't (yet) have a covert channel like AMT with its direct link to the NIC. The dedicated Ryzen Pro motherboards will probably have something like this...


  • uid313
    replied
    What good is this when AMD still have AMD Security Processor (previously Platform Security Processor) which is like Intel's Management Engine (ME) and Intel AMT and likely insecure and vulnerable too?


  • numacross
    replied
    Originally posted by Michael View Post
    As far as I know it's strictly only supported on EPYC.
    According to AMD support it's in both EPYC and Ryzen Pro (https://github.com/AMDESE/AMDSEV/iss...ment-338450973).


  • Michael
    replied
    Originally posted by Jedibeeftrix View Post
    "With the Linux 4.16 kernel cycle that is expected to begin immediately following the Linux 4.15 kernel debut on Sunday, AMD's Secure Encrypted Virtualization (SEV) technology supported by their new EPYC processors will be mainline."

    Will this feature work in either of:
    1. AMD Threadripper
    2. Ryzen Pro
    As far as I know it's strictly only supported on EPYC.
