Linux 6.11 To Merge Support For Running AMD SEV-SNP KVM Guests

Written by Michael Larabel in AMD on 7 June 2024 at 01:35 PM EDT. Add A Comment
The patches have been years in the making around AMD SEV-SNP encrypted virtualization and various elements have been upstreamed in prior kernel versions while for the upcoming Linux 6.11 cycle are finally the Kernel-based Virtual Machine (KVM) bits for launching SEV-SNP protected guest virtual machines.

After going through 14 rounds of review on the SEV-SNP hypervisor support dating back two years, the KVM bits were queued this week into the KVM "next" branch ahead of the Linux 6.11 merge window opening in July. AMD has long maintained the SEV patches out-of-tree while going through the lengthy journey of getting all of the bits upstreamed. Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP) is found with AMD EPYC 7003 "Milan" server processors and newer. SEV-SNP can help prevent malicious hypervisor-based attacks and more security protections compared to the earlier SEV base support and SEV-ES. This code was characterized back during the Linux 6.9 cycle as being for "the ultimate goal of the AMD confidential computing" with:
"Add the x86 part of the SEV-SNP host support. This will allow the kernel to be used as a KVM hypervisor capable of running SNP (Secure Nested Paging) guests. Roughly speaking, SEV-SNP is the ultimate goal of the AMD confidential computing side, providing the most comprehensive confidential computing environment up to date.

This is the x86 part and there is a KVM part which did not get ready in time for the merge window so latter will be forthcoming in the next cycle."

That KVM code didn't end up being ready for the Linux 6.10 cycle, but now it is for Linux 6.11.


This merge to KVM's "next" branch this week is the nearly two thousand lines of code getting the KVM SEV-SNP support for guests all in order.

AMD SEV-SNP guest support merged for KVM

As noted in the merge message, the attestation support is still to come later. Those wishing to learn more about AMD SEV in general can see the developer page.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week