AMD EPYC SEV, Intel UMIP & More AVX-512 Support Heading To Linux 4.15
In the x86 realm for Linux 4.15 are many exciting feature improvements for newer/future Intel and AMD CPUs.
First up, Secure Encrypted Virtualization (SEV) is present in the x86 updates for Linux 4.15. AMD's Secure Encrypted Virtualization builds off the Secure Memory Encryption (SME) support that AMD landed in Linux 4.14 and is supported by the new AMD EPYC processors. Secure Encrypted Virtualization allows virtual machines to have their RAM encrypted in such a way that only the guest itself can access the unencrypted memory. This is a big improvement for VMs/clouds, with EPYC currently the only CPUs supporting SME/SEV.
On the Intel side, Linux 4.15 has the bits for supporting User-Mode Instruction Prevention (UMIP). This is another security feature: it prevents certain instructions from being executed if the ring level is greater than zero. In other words, UMIP will prevent these instructions from being executed outside of the highest privilege level. On the CPU side, UMIP is expected for next-gen Cannonlake CPUs. Some additional changes for UMIP are still coming for 4.15 that could allow the kernel bits to be enabled by default.
There are also additional bits in the x86 pull request for enabling the kernel-side changes around AVX512_VBMI2, GFNI, VAES, VPCLMULQDQ, AVX512_VNNI, and AVX512_BITALG. It is great to see the continued AVX-512 push as well as the GFNI support, which is not coming until Icelake. On the compiler side, these AVX-512 additions and GFNI are premiering next year with GCC 8.1 stable.
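To check which of the features named above a given kernel actually advertises, this added example (not from the original article or the kernel pull request) matches whole flag words in the `flags` line of /proc/cpuinfo. The flag spellings are the lowercase names the kernel prints there, and the sample line is constructed.

```shell
#!/bin/sh
# Added example: report which CPU features named in this article appear in a
# /proc/cpuinfo "flags" line.

# Lowercase flag names as the kernel prints them in /proc/cpuinfo.
FEATURES="sme sev umip avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg"

# has_flag FLAGS_LINE FLAG -> exit 0 only if FLAG is present as a whole word.
# Substring matching would be wrong here: "smep" is not "sme", and "sev_es"
# is not "sev", so a plain grep for "sme" or "sev" gives false positives.
has_flag() {
    printf '%s\n' "$1" | awk -v want="$2" '
        {
            sub(/^[^:]*:/, "")            # drop the "flags :" label
            n = split($0, f, " ")         # split on runs of blanks/tabs
            for (i = 1; i <= n; i++) if (f[i] == want) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# report_features FLAGS_LINE -> one "flag=yes" or "flag=no" line per feature.
report_features() {
    for flag in $FEATURES; do
        if has_flag "$1" "$flag"; then
            echo "$flag=yes"
        else
            echo "$flag=no"
        fi
    done
}

# Constructed sample (not from a real machine): it carries smep and sev_es
# but neither sme nor sev, so both of those must be reported as "no".
SAMPLE_FLAGS='flags		: fpu smep sev_es umip gfni avx512_vnni'
report_features "$SAMPLE_FLAGS"

# On a real host: report_features "$(grep -m1 '^flags' /proc/cpuinfo)"
```

A "no" means only that the running kernel does not advertise the flag, which can happen when the kernel predates support for it even if the CPU has the feature.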
Also noteworthy: the new ORC unwinder is now the default on x86/x86_64 kernels, the five-level paging work that landed in Linux 4.14 is further enhanced, and there are some micro-optimizations and other changes. The ORC unwinder is interesting, and it is great to see it being enabled by default now.
These x86 updates for Linux 4.15 are outlined in this pull request by Ingo Molnar. Overall, Linux 4.15 is looking to be a big but exciting kernel update so far.