Linux 6.11 To Merge Support For Running AMD SEV-SNP KVM Guests
The AMD SEV-SNP encrypted virtualization patches have been years in the making. Various elements have been upstreamed in prior kernel versions, and the upcoming Linux 6.11 cycle finally brings the Kernel-based Virtual Machine (KVM) bits for launching SEV-SNP protected guest virtual machines.
After going through 14 rounds of review on the SEV-SNP hypervisor support dating back two years, the KVM bits were queued this week into the KVM "next" branch ahead of the Linux 6.11 merge window opening in July. AMD has long maintained the SEV patches out-of-tree while going through the lengthy journey of getting all of the bits upstreamed. Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP) is found with AMD EPYC 7003 "Milan" server processors and newer. SEV-SNP helps protect against malicious hypervisor-based attacks and adds further security protections compared to the earlier base SEV support and SEV-ES. This code was characterized back during the Linux 6.9 cycle as being for "the ultimate goal of the AMD confidential computing" with:
"Add the x86 part of the SEV-SNP host support. This will allow the kernel to be used as a KVM hypervisor capable of running SNP (Secure Nested Paging) guests. Roughly speaking, SEV-SNP is the ultimate goal of the AMD confidential computing side, providing the most comprehensive confidential computing environment up to date.
This is the x86 part and there is a KVM part which did not get ready in time for the merge window so the latter will be forthcoming in the next cycle."
That KVM code didn't end up being ready for the Linux 6.10 cycle, but now it is for Linux 6.11.
This week's merge to KVM's "next" branch amounts to nearly two thousand lines of code getting the KVM SEV-SNP guest support all in order.
As noted in the merge message, the attestation support is still to come later. Those wishing to learn more about AMD SEV in general can see the developer page.