Linux 5.16 To Support AMD SEV/SEV-ES Intra-Host Live Migration

Last week was the main set of Kernel-based Virtual Machine (KVM) changes for Linux 5.16 that introduced RISC-V hypervisor support and AMD PSF control bit support, among other changes. A second set of KVM changes were sent out on Friday that is headlined by having AMD SEV/SEV-ES intra-host migration support.

With this secondary set of KVM updates for Linux 5.16, the mainline kernel can now handle intra-host migration of virtual machines leveraging Secure Encrypted Virtualization (or SEV-ES, the Encrypted State additions introduced with EPYC 7002 Rome). Live migration hasn't been supported due to the complexities and security with Secure Encryption Virtualization while now at least intra-host migration is supported for where the source and destination VM are on the same underlying server (inter-host migration is not).

This AMD SEV intra-host migration required introducing a new KVM guest API and guest kernel support changes for handling SEV live migration and then the SEV/SEV-ES host migration code changes.

The full list of KVM changes sent in yesterday can be found as part of this pull request.

As of Linux 5.16, the SEV-SNP "Secure Nested Paging" additions with EPYC 7003 "Milan" processors still haven't been upstreamed. AMD continues working on upstreaming the SEV-SNP support to the mainline kernel but is still an ongoing matter. Hopefully it won't be too much longer before seeing that SEV-SNP support ready in full for mainline while until then AMD continues to distribute the patches via their own source tree.