Date: Thu, 3 Oct 2019 03:48:08 -0400 From: grarpamp <grarpamp@gmail.com> To: freebsd-security@freebsd.org Cc: freebsd-current@freebsd.org, freebsd-virtualization@freebsd.org Subject: AMD Secure Encrypted Virtualization - FreeBSD Status? Message-ID: <CAD2Ti2-2TWZEcCdyg1seHHdWRVSC9v_kuMe4f-ERo1LNdJAnmw@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
https://developer.amd.com/sev/ https://github.com/AMDESE/AMDSEV https://arstechnica.com/gadgets/2019/08/a-detailed-look-at-amds-new-epyc-rome-7nm-server-cpus/ http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf https://libvirt.org/kbase/launch_security_sev.html "AMD is also using its Secure Processor to enable a couple of key features that we believe aren't getting enough attention: Secure Memory Encryption and Secure Encrypted Virtualization. There's an AES-128 engine inside Epyc's memory controller, with the keys managed by the SEP. If SME is enabled in the system BIOS, all RAM in the system will be encrypted using a single key provided by the SEP and decrypted when requested by the CPU. Expanding upon SME, SEV allows guests' allocated RAM to be encrypted with individual keys, separate from the one used by the host operating system."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAD2Ti2-2TWZEcCdyg1seHHdWRVSC9v_kuMe4f-ERo1LNdJAnmw>