There might not be a better example of a synergistic technology relationship than AMD and the Linux community. Back when AMD was the first to make the transition to a 64-bit instruction set architecture (ISA), Linux support was immediate and broad. The now widely known AMD64 architecture would not have taken off as quickly and as successfully if not for the groundswell of support from the Linux community.
When AMD delivered the truly innovative EPYC processor last year, the call went out yet again to the Linux community and they responded in kind. These high-performance CPUs have tremendous potential to reshape the landscape of the datacenter and the enterprise, as much or more than the AMD64 architecture. Setting aside the obvious need for choice in CPU suppliers and operating systems, AMD went the extra mile and delivered to Linux supporters something truly unique and perfectly suited for the modern datacenter. AMD built a specific set of security features directly into EPYC processors, and these features are now supported in Linux. Specifically designed to encrypt data in a virtualized environment, these features address a critical need for any company working with sensitive user data and/or considering moving their infrastructure to the cloud.
Secure Memory Encryption (SME) implements a simple and efficient method for main memory encryption that is flexible, integrated in the CPU architecture and does not require any modifications to the application software. By encrypting DRAM and non-volatile memory technologies, SME helps protect against physical access attacks like cold boot or platform reset, or even hardware probing. SME can encrypt all memory when enabled directly in BIOS or can provide page-level control when enabled in the OS (Linux 4.14).
Secure Encrypted Virtualization (SEV) integrates main memory encryption capabilities with the existing AMD-V virtualization architecture to support encrypted virtual machines. Encrypting virtual machines helps protect them from physical threats, other virtual machines and even the hypervisor itself. SEV guest support is in Linux 4.15 and hypervisor support in 4.16.
AMD is committed to working with our Linux community partners to deliver innovative solutions that meet the needs of modern datacenters. The AMD Software Ecosystem and Alliances team has regular technical reviews with the Linux distribution providers to align our hardware roadmaps to their releases. As a result, support for SME is now available in Red Hat 7.5; SEV guest is available in Ubuntu 18.04. Watch this space closely as SEV host capable operating systems are expected to become available later this year.
Details of the EPYC line of processors and the highly differentiated value proposition they deliver have been well documented in our blogs, including earlier this month when AMD demonstrated the new Dell PowerEdge systems at Dell Technologies World.
For a more complete picture of the integrated security features built into AMD EPYC processors, including SME and SEV, please download the Pathfinder Research whitepaper.