AMD SEV-ES Guest Support Updated With More Improvements, Rebased

Written by Michael Larabel in AMD on 19 March 2020 at 06:39 AM EDT.
Back in February came patches for AMD SEV-ES "Encrypted State" support, building off the Linux kernel's existing support for Secure Encrypted Virtualization in conjunction with AMD EPYC processors. The SEV-ES enablement work has now been revised.

The SEV "Encrypted State" patches sent out this morning are for enabling Linux to run as a guest under an SEV-ES enabled hypervisor. The encrypted state portion of SEV is about protecting the guest register state from the hypervisor, beyond the memory encryption afforded by SEV. The CPU register state becomes encrypted by SEV-ES and cannot be accessed or modified by the hypervisor, in order to fend off control-flow attacks and other similar attacks.


With the v2 patches sent out today for SEV-ES guest support, the patches have been re-based against the latest Linux 5.6 Git code, emulation of REP/MOVS instructions is now in place, and there are other instruction handling improvements and some bug fixes.

It's cutting it close, though, whether the updated patches could be reviewed in time for possible inclusion in the forthcoming Linux 5.7 merge window; otherwise this functionality could be pushed off until at least Linux 5.8 later in the summer.