AMD Secure Encrypted Virtualization Is Ready To Roll With Linux 4.16

Written by Michael Larabel in Virtualization on 19 January 2018 at 09:00 AM EST.
With the Linux 4.16 kernel cycle that is expected to begin immediately following the Linux 4.15 kernel debut on Sunday, AMD's Secure Encrypted Virtualization (SEV) technology supported by their new EPYC processors will be mainline.

Linux patches for Secure Encrypted Virtualization go back to the end of 2016, and with Linux 4.16 the feature will finally be part of the mainline kernel and supported with KVM (Kernel-based Virtual Machine) virtualization.

Secure Encrypted Virtualization protects virtual machines from other VMs/containers and even an untrusted hypervisor by having their memory encrypted and secured in a manner by which only the guest itself can access the unencrypted data. Each VM/container with SEV has its own unique encryption key backed by the AMD Secure Processor. Secure Encrypted Virtualization builds off Secure Memory Encryption (SME) that was added back during Linux 4.14.

After going through nine rounds of patch revisions, SEV support is currently queued in KVM's linux-next branch that in turn will be sent in as the Kernel-based Virtual Machine updates for Linux 4.16.


At the moment this SEV kernel work also depends upon an updated QEMU and TianoCore BIOS. Those pieces will hopefully be merged in short order once these kernel pieces land, but for now you can grab the patched copies via this QEMU AMDESE Git repository and the EDK2 Git. AMD has a helper script via AMDSEV.git.

Once these pieces are all mainline and have had a few weeks to further stabilize, I plan on firing up some AMD EPYC SEV benchmarks.
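
As an added example (not from the article or from AMD's helper script), here is a host-side check an administrator could run before relying on SEV for guest isolation. It assumes the `sev` CPU flag in `/proc/cpuinfo`, the `kvm_amd` module parameter `sev`, and the `/dev/sev` device node, none of which the article names; the status strings are made up for this example.

```shell
#!/bin/sh
# Added example: report whether a KVM host is ready to launch SEV guests.
# File paths are parameters so the logic can be run against constructed input.

# has_cpu_flag FLAG CPUINFO: succeed if FLAG is an exact entry in the "flags" line.
has_cpu_flag() {
    flags=$(sed -n '/^flags/{s/^[^:]*://;p;q;}' "$2" 2>/dev/null)
    case " $(echo $flags) " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# kvm_sev_enabled PARAM: succeed if the kvm_amd "sev" parameter reads as on.
# Depending on kernel version it is exposed as 0/1 or as N/Y.
kvm_sev_enabled() {
    [ -r "$1" ] || return 1
    case "$(cat "$1")" in
        1|Y|y) return 0 ;;
        *) return 1 ;;
    esac
}

# sev_host_status [CPUINFO] [PARAM] [SEVDEV]: print one status word.
sev_host_status() {
    cpuinfo=${1:-/proc/cpuinfo}
    param=${2:-/sys/module/kvm_amd/parameters/sev}
    sevdev=${3:-/dev/sev}
    if ! has_cpu_flag sev "$cpuinfo"; then
        echo "cpu-unsupported"     # no SEV-capable CPU, or firmware has it disabled
    elif ! kvm_sev_enabled "$param"; then
        echo "kvm-sev-off"         # kvm_amd not loaded or loaded without SEV
    elif [ ! -e "$sevdev" ]; then
        echo "no-sev-device"       # Secure Processor driver interface missing
    else
        echo "ready"
    fi
}

sev_host_status "$@"
```

A `ready` result only says the host can launch SEV guests; whether a given VM actually runs with encrypted memory depends on how it was started with the patched QEMU and firmware.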