AMD Secure Encrypted Virtualization Is Ready To Roll With Linux 4.16
Linux patches for AMD Secure Encrypted Virtualization (SEV) have been circulating since the end of 2016; with Linux 4.16 the support will finally be part of the mainline kernel and usable through KVM (Kernel-based Virtual Machine) virtualization.
Secure Encrypted Virtualization protects a virtual machine's memory from other VMs/containers on the host and even from an untrusted hypervisor: guest memory is encrypted in hardware with a key that only the guest itself can use, so the hypervisor only ever sees ciphertext. Each SEV guest has its own encryption key, generated and managed by the AMD Secure Processor and never exposed to host software. Note that this first generation of SEV provides confidentiality only: guest memory is not integrity-protected, and CPU register state is not hidden from the hypervisor (that is the job of the SEV-ES extension, which is not part of this 4.16 work). Secure Encrypted Virtualization builds off Secure Memory Encryption (SME), which was added back in Linux 4.14.
After going through nine rounds of patch revisions, SEV support is currently queued in KVM's linux-next branch that in turn will be sent in as the Kernel-based Virtual Machine updates for Linux 4.16.
At the moment this SEV kernel work also depends upon a patched QEMU and a patched OVMF (the TianoCore EDK2 UEFI firmware for VMs). Those pieces will hopefully be merged in short order once the kernel pieces land, but for now you can grab the patched copies via the QEMU AMDESE Git repository and the EDK2 Git. AMD also publishes a helper script via AMDSEV.git.
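To make the setup concrete, here is an added example (written for this article; it is not AMD's AMDSEV.git helper and not QEMU's or the kernel's own code) that checks the host for SEV support, emits the QEMU options that turn memory encryption on for one guest, and checks from inside the guest that the kernel actually reports SEV active. It assumes that the 4.16 kvm_amd module exposes its `sev` parameter under /sys/module/kvm_amd/parameters/sev, that the SEV firmware device shows up as /dev/sev, that the patched QEMU accepts the `sev-guest` object and `memory-encryption` machine option that later went mainline, and that the guest kernel's dmesg wording matches the patterns grepped for below. The C-bit position 47 and reduced-phys-bits=1 are the values for first-generation EPYC (Naples), read from CPUID 0x8000001F EBX.

```shell
#!/bin/sh
# Added example, not AMD's AMDSEV.git script: host checks, QEMU args, guest check.
# Assumptions: kvm_amd `sev` parameter in sysfs, /dev/sev device node, and the
# sev-guest object / memory-encryption machine option in the patched QEMU.

# Return 0 when the kvm_amd `sev` module parameter says SEV is enabled.
# Takes the file path as an argument so it can be pointed at a sample file.
kvm_sev_enabled() {
    f="${1:-/sys/module/kvm_amd/parameters/sev}"
    [ -r "$f" ] || return 1
    case "$(cat "$f")" in
        1|Y|y) return 0 ;;
        *)     return 1 ;;
    esac
}

# Return 0 when the SEV firmware device node (created by the ccp driver) exists.
sev_device_present() {
    [ -c "${1:-/dev/sev}" ]
}

# Print the QEMU arguments that enable memory encryption for one guest.
# cbitpos is the C-bit position from CPUID 0x8000001F EBX[5:0]; 47 and
# reduced-phys-bits=1 are the EPYC (Naples) values. The per-guest key is
# generated by the AMD Secure Processor at launch; no key material lives here.
sev_qemu_args() {
    cbitpos="${1:-47}"
    reduced="${2:-1}"
    printf '%s' "-machine q35,memory-encryption=sev0 -object sev-guest,id=sev0,cbitpos=${cbitpos},reduced-phys-bits=${reduced}"
}

# Inside the guest: return 0 if a dmesg dump (file argument) shows SEV active.
# The two message forms are an assumption about the guest kernel's wording.
guest_sev_active() {
    grep -qiE 'Encrypted Virtualization \(SEV\) active|Encryption Features active: SEV' "$1"
}

# Host-side launch, only when invoked directly with two arguments:
#   sh sev-launch.sh /path/to/OVMF.fd /path/to/disk.qcow2
if [ "$#" -eq 2 ]; then
    if ! kvm_sev_enabled || ! sev_device_present; then
        echo "host: SEV not enabled in kvm_amd or /dev/sev missing" >&2
        exit 1
    fi
    # shellcheck disable=SC2046
    exec qemu-system-x86_64 -enable-kvm -cpu EPYC -m 2048 \
        -drive if=pflash,format=raw,unit=0,file="$1",readonly=on \
        -drive file="$2",format=qcow2 \
        $(sev_qemu_args 47 1)
fi
```

The host checks are deliberately separated from the launch so that a failed check is reported before QEMU is started; launching without SEV enabled silently gives you an ordinary unencrypted guest, which is exactly the failure mode you want to catch. Inside the guest, `guest_sev_active /dev/stdin` fed by `dmesg` is the quickest confirmation that the memory really is encrypted rather than merely requested on the command line.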
Once these pieces are all mainline and have had a few weeks to further stabilize, I plan on firing up some AMD EPYC SEV benchmarks.