AMD SEV-ES Sent In For Linux 5.10 To Further Secure Guest VMs

Written by Michael Larabel in AMD on 13 October 2020 at 08:42 PM EDT.

The mainline Linux kernel has for quite a while supported AMD Secure Encrypted Virtualization (SEV) on EPYC processors as a means of better securing guest virtual machines (VMs) and public clouds: memory is encrypted in hardware with one key per VM, protecting guests not only from one another but also from the hypervisor. With Linux 5.10 comes AMD SEV-ES as another step forward for secure virtualization on AMD EPYC.

AMD SEV-ES takes the security a step further by encrypting all CPU register contents when exiting a VM, ensuring that no register information leaks to the hypervisor. SEV-ES is also reportedly able to detect malicious modifications to the CPU register state. It is particularly suited to protecting against control-flow and rollback attacks and other scenarios that depend on knowing or manipulating the register state.

The Linux 5.10 implementation of AMD SEV-ES is ready to go and ensures the registers are encrypted/decrypted on world switches. Linux kernel patches for SEV-ES have been floating around since early 2020, and Linux 5.10, the last full kernel cycle of the calendar year, will now see this support land.

The AMD SEV-ES support was sent in as part of its own pull request on Tuesday. This current implementation is KVM-focused with other hypervisors also needing to be adapted to handle the SEV-ES support.