AMD Takes SEV-SNP Hypervisor To v10, Intel TDX Host Support Up To 14 Revisions

Written by Michael Larabel in Virtualization on 17 October 2023 at 08:22 AM EDT. Add A Comment
VIRTUALIZATION
Both AMD and Intel engineers have experienced a lengthy journey getting their latest virtualization security features into the mainline Linux kernel -- and one that is still ongoing.

Yesterday AMD engineers sent out their v10 patches consisting of 50 patches needed to get AMD Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP) hypervisor support into the mainline kernel. AMD has been working on various elements of SEV-SNP support for a while with the functionality being found in their server processors going back to the EPYC 7003 series. They've been maintaining an out-of-tree kernel build with their various SEV-related kernel patches while the SEV-SNP hypervisor support is one of the last big portions still left for upstreaming.

This SEV-SNP hypervisor support also depends upon some KVM GMEM patches that have yet to be mainlined. The v10 patches have experienced quite a bit of code churn still and it's not clear yet if any further iterations will be needed but given the timing it's looking increasingly less likely that it will be mainlined for the upcoming Linux v6.7 merge window.

SEV features


SEV-SNP adds various extra security features for AMD Zen 3 and newer processors for better securing virtualized environments.

Meanwhile this morning Intel sent out their v14 patches for their Trust Domain Extensions (TDX) host kernel support. With the Intel TDX v14 host patches is handling for S3/hibernation since TDX cannot survive S3 and lower power states so will be completely reset. Plus the v14 patches have some other small changes.

Intel TDX


Intel TDX is about providing hardware-backed isolation and integrity for confidential computing inside VMs. Intel TDX was introduced with Sapphire Rapids but just enabled for selected cloud deployments. Intel continues actively pushing a lot of Linux TDX patches so hopefully by the time Trust Domain Extensions support is more widespread all of the necessary kernel bits will be upstreamed.

Due to being new security features and ensuring the design is right and coding standards meant, getting all of these AMD SEV-SNP and Intel TDX bits upstream is taking quite a bit of time but that's all part of the proven Linux upstreaming process.
Add A Comment
Related News
Cloud Hypervisor 39 Adds NVIDIA GPUDirect P2P Support
QEMU 9.0 Released WIth True Multi-Queue Support For VirtIO Block Driver
CoCo VMs On Linux Will Now Panic If RdRand Is Broken To Avoid Catastrophic Conditions
More Efficient VirtIO DRM Driver To Import Scanout Buffers From Other Devices
KVM Virtualization With Linux 6.9 Brings More Optimizations For Intel & AMD
LXD 5.21 LTS Released With UI By Default, AMD SEV Memory Encryption For VMs
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Fedora Linux 40 Available For Download As A Wonderful Upgrade
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Systemd 256-rc1 Brings A Huge Number Of New Features
NVIDIA Developer Opens Feature Pull Request For Open-Source NVK Driver
GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance
Microsoft Open-Sources MS-DOS 4.0 Under MIT License
GNOME Working To Make Key Rack A Viable Password Manager, Better Printing For Flatpaks
Ubuntu 24.04 LTS Downloads Now Available