AMD Secure Encrypted Virtualization Updated For Linux
Brijesh Singh of AMD today published the third revision of the patches implementing Secure Encrypted Virtualization for the Linux kernel. SEV allows for encrypting the memory contents of a guest VM using a unique key for each guest. As Singh further describes, "SEV guests have concept of private and shared memory. Private memory is encrypted with the guest-specific key, while shared memory may be encrypted with hypervisor key. Certain type of memory (namely instruction pages and guest page tables) are always treated as private. Due to security reasons all DMA operations inside the guest must be performed on shared memory."
Secure Encrypted Virtualization builds upon Secure Memory Encryption (SME), another new feature of AMD Epyc that is also yet to be mainlined. The latest SME patches can be found here.
Hopefully SME and SEV will be ready for merging come the Linux 4.14 cycle, as it's now too late for 4.13. Those fortunate to have their hands on Epyc can find the latest patches via this kernel mailing list post.