Linux 6.4 Can Run As A Confidential AMD SEV-SNP vTOM Guest On Microsoft Hyper-V
For those making use of Microsoft Hyper-V virtualization there are some notable additions to find with the in-development Linux 6.4 kernel.
First up, the AMD Secure Encrypted Virtualization (SEV) changes for Linux 6.4 put the necessary bits in place so that the mainline kernel can run as a confidential SEV-SNP-backed vTOM guest on Microsoft Hyper-V. A vTOM guest splits its address space into encrypted and unencrypted portions, which allows unmodified guests to run on the Hyper-V confidential computing hypervisor. AMD vTOM in this context stands for virtual Top Of Memory.
The x86/sev pull is what provides the Linux 6.4 support for running as a confidential Microsoft Hyper-V VM with SEV-SNP vTOM. The AMD SEV changes for this kernel also double-buffer messages between the guest and the hardware PSP, to better ensure message integrity and to avoid possible leak attacks.
Separately, the Hyper-V updates have already been submitted for the Linux 6.4 kernel merge window. The Microsoft Hyper-V changes include PCI pass-through support for Hyper-V confidential VMs, Hyper-V VTL mode support, and other improvements/fixes. The Hyper-V VTL mode support is for Microsoft's Virtual Trust Level, intended to further enhance security within their virtualization stack.
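To make the vTOM split concrete, here is a small C model, added for this article and not code from the Linux kernel or from AMD or Microsoft. It assumes a hypothetical vTOM boundary at bit 46 of the guest physical address (the real boundary is supplied by the hypervisor at boot) and shows the two things a guest has to get right: memory below vTOM is private and hardware-encrypted with the guest key, the alias of the same offset above vTOM is shared (unencrypted) with the hypervisor, and any buffer the guest hands to the hypervisor, such as a DMA ring for a pass-through PCI device, must lie entirely in the shared view.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed vTOM boundary for illustration: bit 46 of the guest physical
 * address (GPA). In a real SEV-SNP vTOM guest the hypervisor reports this
 * boundary; 46 is an assumption made for this example only. */
#define VTOM_BIT  46ULL
#define VTOM_MASK (1ULL << VTOM_BIT)

/* A GPA is in the private (encrypted) view when every bit at or above the
 * vTOM position is clear. */
static bool gpa_is_private(uint64_t gpa)
{
    return (gpa >> VTOM_BIT) == 0;
}

/* A GPA is in the shared (unencrypted) view when the vTOM bit is set and no
 * bit above it is set, i.e. it is the alias of a private address. */
static bool gpa_is_shared(uint64_t gpa)
{
    return (gpa >> VTOM_BIT) == 1;
}

/* Translate an offset into the shared alias by setting the vTOM bit. */
static uint64_t gpa_to_shared(uint64_t gpa)
{
    return gpa | VTOM_MASK;
}

/* Translate a shared alias back to the private address by clearing the bit. */
static uint64_t gpa_to_private(uint64_t gpa)
{
    return gpa & ~VTOM_MASK;
}

/* A buffer the guest exposes to the hypervisor must start and end in the
 * shared view; a buffer that straddles the boundary would leak the part
 * that the guest believes is encrypted. Returns true only when the whole
 * [gpa, gpa + len) range is shared. */
static bool buffer_fully_shared(uint64_t gpa, uint64_t len)
{
    if (len == 0 || gpa + len < gpa)      /* empty or wrapping range */
        return false;
    return gpa_is_shared(gpa) && gpa_is_shared(gpa + len - 1);
}

int main(void)
{
    uint64_t ring = 0x7f000;               /* constructed private page */
    uint64_t shared_ring = gpa_to_shared(ring);

    printf("private 0x%llx -> shared alias 0x%llx\n",
           (unsigned long long)ring, (unsigned long long)shared_ring);
    printf("DMA ring usable by hypervisor: %s\n",
           buffer_fully_shared(shared_ring, 0x4000) ? "yes" : "no");
    printf("straddling buffer rejected: %s\n",
           buffer_fully_shared(VTOM_MASK - 0x800, 0x1000) ? "no" : "yes");
    return 0;
}
```

The point of the check is that the guest never has to re-encrypt or copy pages to share them: it picks the alias above vTOM, which is why unmodified guests can run on the hypervisor, but it must also refuse to hand the hypervisor a range that crosses the boundary.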