AMD Secure Encrypted Virtualization - FreeBSD Status?
grarpamp
grarpamp at gmail.com
Thu Oct 3 07:48:12 UTC 2019
https://developer.amd.com/sev/
https://github.com/AMDESE/AMDSEV
https://arstechnica.com/gadgets/2019/08/a-detailed-look-at-amds-new-epyc-rome-7nm-server-cpus/
http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
https://libvirt.org/kbase/launch_security_sev.html
"AMD is also using its Secure Processor to enable a couple of key
features that we believe aren't getting enough attention: Secure
Memory Encryption and Secure Encrypted Virtualization. There's an
AES-128 engine inside Epyc's memory controller, with the keys managed
by the SEP. If SME is enabled in the system BIOS, all RAM in the
system will be encrypted using a single key provided by the SEP and
decrypted when requested by the CPU. Expanding upon SME, SEV allows
guests' allocated RAM to be encrypted with individual keys, separate
from the one used by the host operating system."
More information about the freebsd-virtualization
mailing list