Linux 6.11 To Merge Support For Running AMD SEV-SNP KVM Guests

Written by Michael Larabel in AMD on 7 June 2024 at 01:35 PM EDT.
The AMD SEV-SNP encrypted virtualization patches have been years in the making. Various elements were upstreamed in prior kernel versions, and the upcoming Linux 6.11 cycle finally brings the Kernel-based Virtual Machine (KVM) bits for launching SEV-SNP protected guest virtual machines.

After 14 rounds of review on the SEV-SNP hypervisor support dating back two years, the KVM bits were queued this week into the KVM "next" branch ahead of the Linux 6.11 merge window opening in July. AMD has long maintained the SEV patches out-of-tree while going through the lengthy journey of getting all of the bits upstreamed. Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP) is found on AMD EPYC 7003 "Milan" server processors and newer. SEV-SNP can help prevent malicious hypervisor-based attacks and adds further security protections compared to the earlier SEV base support and SEV-ES. This code was characterized back during the Linux 6.9 cycle as being for "the ultimate goal of the AMD confidential computing" with:
"Add the x86 part of the SEV-SNP host support. This will allow the kernel to be used as a KVM hypervisor capable of running SNP (Secure Nested Paging) guests. Roughly speaking, SEV-SNP is the ultimate goal of the AMD confidential computing side, providing the most comprehensive confidential computing environment up to date.

This is the x86 part and there is a KVM part which did not get ready in time for the merge window so the latter will be forthcoming in the next cycle."

That KVM code didn't end up being ready for the Linux 6.10 cycle, but now it is for Linux 6.11.

This week's merge into KVM's "next" branch brings the nearly two thousand lines of code that complete the KVM SEV-SNP guest support.

As noted in the merge message, the attestation support is still to come later. Those wishing to learn more about AMD SEV in general can see the developer page.