Linux 5.16 To Support AMD SEV/SEV-ES Intra-Host Live Migration
With this secondary set of KVM updates for Linux 5.16, the mainline kernel can now handle intra-host migration of virtual machines leveraging Secure Encrypted Virtualization (or SEV-ES, the Encrypted State additions introduced with EPYC 7002 "Rome"). Live migration hasn't been supported until now due to the complexity and security considerations of Secure Encrypted Virtualization. Now at least intra-host migration is supported, where the source and destination VMs are on the same underlying server (inter-host migration is not).
This AMD SEV intra-host migration support required introducing a new KVM guest API and guest kernel changes for handling SEV live migration, along with the SEV/SEV-ES host migration code changes.
The full list of KVM changes sent in yesterday can be found as part of this pull request.
As of Linux 5.16, the SEV-SNP "Secure Nested Paging" additions with EPYC 7003 "Milan" processors still haven't been upstreamed. AMD continues working on upstreaming the SEV-SNP support to the mainline kernel, but it is still an ongoing matter. Hopefully it won't be too much longer before that SEV-SNP support is ready in full for mainline; until then, AMD continues to distribute the patches via their own source tree.