KVM With Linux 5.13 Has AMD SEV Improvements, Intel SGX For Guests
Linux 5.13 is bringing a number of KVM improvements, especially as they pertain to Intel/AMD processor features.
The AMD code in particular has seen some shiny new feature work. The changes for Linux 5.13 include a new KVM API for supporting live migration of AMD Secure Encrypted Virtualization (SEV) guests. However, the guest API didn't get completed in time for the Linux 5.13 cycle. Also on the AMD SEV front, there is now support for AMD SEV virtual machines to share the same encryption context if desired, such as when multiple VMs are spawned by the same user. The AMD code path now supports virtual SPEC_CTRL handling so that the hypervisor doesn't need to intervene for speculation control (SPEC_CTRL_MSR) handling. The AMD code also has improved SYSENTER emulation for the 5.13 kernel.
Meanwhile on the Intel front for Linux 5.13, there is support for Software Guard Extensions (SGX) within virtual machines.
The Kernel-based Virtual Machine (KVM) for Linux 5.13 on the x86 front also has optimizations to its nested SVM code and optimizations to the new MMU code.
For KVM on ARM there is now guest SVE support when running in nVHE mode as well as performance improvements within the S2 fault handler.
More details on the KVM changes for Linux 5.13 via this PR.