AMD Secure Encrypted Virtualization Patches Updated For Linux
AMD Linux developers today sent out the latest revision to their big set of patches adding in support for Secure Encrypted Virtualization (SEV) to the Linux kernel.
Landing with the Linux 4.14 kernel that will be released next weekend is AMD Secure Memory Encryption support for use with new EPYC processors and the related AMD Secure Processor support. Building off that is Secure Encrypted Virtualization (SEV) that allows for virtual machines to have their memory encrypted and secured in a way that only the guest itself can access the unencrypted data. Each VM backed by SEV on the AMD EPYC servers has its own unique encryption key and ties into the AMD Secure Processor.
AMD Secure Encrypted Virtualization has a lot of potential for better securing public clouds and other practical use-cases for better safeguarding VMs. Today the eighth version of the SEV patches were published for the Linux kernel.
More details on this work can be found via the kernel patch series and AMD's SEV whitepaper.
With the Linux 4.15 kernel merge window opening next week, unfortunately it's looking quite tight for getting SEV into Linux 4.15, but we'll see for sure soon enough. SEV support also requires patches against QEMU too, so long story short it will likely be a few months still before this SEV support begins appearing prominently on AMD EPYC servers -- especially for the enterprise distributions.
Landing with the Linux 4.14 kernel that will be released next weekend is AMD Secure Memory Encryption support for use with new EPYC processors and the related AMD Secure Processor support. Building off that is Secure Encrypted Virtualization (SEV) that allows for virtual machines to have their memory encrypted and secured in a way that only the guest itself can access the unencrypted data. Each VM backed by SEV on the AMD EPYC servers has its own unique encryption key and ties into the AMD Secure Processor.
AMD Secure Encrypted Virtualization has a lot of potential for better securing public clouds and other practical use-cases for better safeguarding VMs. Today the eighth version of the SEV patches were published for the Linux kernel.
More details on this work can be found via the kernel patch series and AMD's SEV whitepaper.
With the Linux 4.15 kernel merge window opening next week, unfortunately it's looking quite tight for getting SEV into Linux 4.15, but we'll see for sure soon enough. SEV support also requires patches against QEMU too, so long story short it will likely be a few months still before this SEV support begins appearing prominently on AMD EPYC servers -- especially for the enterprise distributions.
4 Comments