AMD SEV-ES Sent In For Linux 5.10 To Further Secure Guest VMs

Written by Michael Larabel in AMD on 13 October 2020 at 08:42 PM EDT. Add A Comment
AMD
While the mainline Linux kernel for quite a while now has supported AMD Secure Encrypted Virtualization for EPYC processors as a means of better securing guest virtual machines (VMs) and public clouds with hardware memory encryption and using one key per VM to not only protect between guests but also the hypervisor, with Linux 5.10 comes AMD SEV-ES as another step forward for secure virtualization on AMD EPYC.

AMD SEV-ES takes the security a step further by encrypting all the CPU register contents when exiting a VM to ensure there is no leakage of register information to the hypervisor. SEV-ES is also reportedly able to detect malicious modifications to the CPU register state. SEV-ES is particularly suited for protecting against control flow and rollback attacks and other scenarios of needing to know or manipulate the register state.

The Linux 5.10 implementation of AMD SEV-ES is ready to go and ensures the registers are encrypted/decrypted on world switches. There have been Linux kernel patches floating around for SEV-ES since early 2020 while now Linux 5.10 as the last full kernel cycle of the calendar year will see this support land.

The AMD SEV-ES support was sent in as part of its own pull request on Tuesday. This current implementation is KVM-focused with other hypervisors also needing to be adapted to handle the SEV-ES support.
Add A Comment
Related News
AMD Posts Linux Patches For QoS RMID Pinning / ABMC
AMD Posts 11th Iteration Of P-State Preferred Core Patches For Linux
AMD Has A Nice Performance Optimization Coming With Linux 6.8
AMD AXI 1-Wire Driver Queued Ahead Of The Linux 6.8 Kernel
AMD Talking Up Open-Source & Open Standards Ahead Of "Advancing AI" Event
AMD Releases Six New EPYC 7003 "Milan" Processors
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
systemd 255 Released With A "Blue Screen of Death" For Linux Systems
Wine Wayland Driver's Vulkan Support Is Now Usable
Steam Linux Marketshare Surges To Nearly 2% In November
Cloudflare Teases Next-Gen Server Design, Benefits Going From 1U To 2U Servers
OpenZFS 2.2.2 & OpenZFS 2.1.14 Released To Fix Data Corruption Issue
Bcachefs Lands Another Round Of Fixes For Linux 6.7
Using Miriway For Empowering Xfce / MATE / LXQt & Other Desktops With Wayland
Servo Browser Engine Continues On Its Path To Be Embed-Friendly