AMD EPYC™ Processors Deliver Confidential Computing for Public and Private Cloud Environments


New Technology Creates New Opportunities

Cloud environments can replace costly specialized compute, storage, and networking nodes by implementing these functions using standard servers. Running a workload in a cloud environment is as easy as defining the compute and storage resources you need and how those resources should connect to each other and the outside world. You can often do this using a few mouse clicks, a few simple commands, or by loading an existing configuration. What’s more, many workloads don’t run 24x7. When you’re done with a public cloud, you may be able to stop paying for some or all of those resources. When you’re done with a private cloud, you can release the resources for use by someone else in your organization.

You can leverage virtualized environments in any or all of the following ways:

  • On-premises: Your organization owns all of the hardware that hosts your virtualized environment. In this scenario, you will use a hypervisor such as one from VMware® or an appliance such as one from Nutanix™ to create the virtual servers, storage, and networking. This setup is called a private cloud.
  • Public cloud: Your organization rents the resources it needs from a Cloud Service Provider (CSP), such as Google Cloud, Microsoft Azure, or Amazon AWS.
  • Hybrid: Some mix of public and private. For example, your organization may use a private cloud and expand to a public cloud to handle surge needs.

New Opportunities Create New Threats

Think of legacy networks as a single-family home where only a few people have the key and where there are only so many doors and windows. Cloud environments resemble an apartment building that offers denser, more flexible land use but with more doors, windows, and people with keys. Someone could even use an adjacent apartment to spy on or steal from a neighbor. We know the need to lock our doors when leaving home, but how many of us worry about security inside our own homes?

The virtualization inherent in these multi-tenant public, private and hybrid cloud environments makes the memory, cache, and registers of each virtual machine potentially vulnerable to unauthorized access. We’ve long accepted the need to protect data at rest and in motion, but protecting data during use has only recently become a priority as virtualized environments become the norm.

Introducing Confidential Computing

Confidential computing uses hardware-based encryption to help protect data privacy and integrity. AMD EPYC processors include the Infinity Guard(1) suite of features that help protect sensitive data, including in virtualized environments. Secure Memory Encryption (SME) encrypts the system memory of the bare metal machine. Secure Encrypted Virtualization (SEV)(2) helps isolate individual virtual machines: the AMD Secure Processor generates a unique key for each guest and that key is used to encrypt the guest’s memory. SEV Encrypted State (SEV-ES) adds an additional security layer by also encrypting the CPU register contents. SEV Secure Nested Paging (SEV-SNP) again extends the defense by providing integrity protection capabilities for guest memory. These technologies work together to help defend against an attacker performing unauthorized reads or writes to virtual machine memory, registers or caches.

Security often comes at the price of performance. It takes more time to unlock a door than to go through an open door. Enabling the security features on AMD EPYC processors introduces only a small additional overhead. Here is a great example. These features are enabled at the BIOS, hypervisor, and guest operating system levels. No changes are required for your individual x86 applications.
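The four tiers above (SME, SEV, SEV-ES, SEV-SNP) are advertised by the processor in CPUID leaf 0x8000001F, so a practitioner can check what a host or guest actually reports before relying on it. The script below is an added example, not AMD’s code; the bit positions follow AMD’s published CPUID documentation, the `/dev/cpu/N/cpuid` path is the standard Linux cpuid driver, and the sample register values are constructed.

```python
# Decodes AMD CPUID leaf 0x8000001F (Encrypted Memory Capabilities) to show which
# memory-encryption tiers described above a processor advertises. EAX bit layout
# follows the AMD64 Architecture Programmer's Manual, Vol. 3 (CPUID Fn8000_001F).
import struct

LEAF = 0x8000001F

EAX_BITS = {
    0: "SME",       # host memory encrypted with a single system key
    1: "SEV",       # per-VM memory keys managed by the AMD Secure Processor
    2: "PageFlushMsr",
    3: "SEV-ES",    # guest register state encrypted as well
    4: "SEV-SNP",   # integrity protection (nested paging) for guest memory
    5: "VMPL",      # VM permission levels, an SNP feature
}

def decode_leaf(eax, ebx, ecx, edx):
    """Return the capabilities encoded in the four registers of the leaf."""
    return {
        "features": [n for b, n in EAX_BITS.items() if eax & (1 << b)],
        "c_bit": ebx & 0x3F,                       # EBX[5:0]: C-bit position in PTEs
        "phys_addr_reduction": (ebx >> 6) & 0x3F,  # EBX[11:6]: address bits lost
        "max_encrypted_guests": ecx,               # ECX: simultaneous SEV guests
        "min_sev_asid": edx,                       # EDX: lowest ASID for SEV (non-ES)
    }

def highest_tier(features):
    """Pick the strongest tier among SME < SEV < SEV-ES < SEV-SNP, or None."""
    for name in ("SEV-SNP", "SEV-ES", "SEV", "SME"):
        if name in features:
            return name
    return None

def read_cpuid_leaf(leaf=LEAF, cpu=0):
    """Read a leaf through the Linux cpuid driver (/dev/cpu/N/cpuid, needs the
    cpuid module and read permission); returns None when unavailable."""
    try:
        with open(f"/dev/cpu/{cpu}/cpuid", "rb") as f:
            f.seek(leaf)  # file offset selects the CPUID function number
            return struct.unpack("<IIII", f.read(16))
    except OSError:
        return None

# Constructed sample: SME, SEV, SEV-ES and SEV-SNP set; C-bit 51; 5 address
# bits reduced; 509 encrypted guests; minimum SEV ASID 1.
SAMPLE = (0b11011, (5 << 6) | 51, 509, 1)

if __name__ == "__main__":
    regs = read_cpuid_leaf() or SAMPLE  # falls back to the constructed sample
    print(highest_tier(decode_leaf(*regs)["features"]), decode_leaf(*regs))
```

Inside a virtual machine the hypervisor decides what this leaf reports, so a guest should treat the result as a sanity check rather than as proof that the host enabled the feature.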

Key AMD Stakeholders Support Confidential Computing

AMD works with stakeholders across our large and growing AMD EPYC ecosystem. Some of our key engagements include OS, hypervisor, and Cloud Service Provider (CSP) vendors that enable AMD EPYC security features in both bare metal and virtualized environments.

Public and Private Cloud

We are pleased to collaborate with leading CSPs and virtualization solutions, including:

  • Google Cloud*: Google’s Confidential VMs and Confidential GKE Nodes enable AMD Secure Encrypted Virtualization to help deliver confidential computing for the cloud.
  • IBM*: Exploring how Virtual Machine (VM) encryption can be applied to the Red Hat® OpenShift Container Platform (OCP) and to Kubernetes through the workload virtualization options provided by KubeVirt and Kata Containers.
  • Microsoft® Azure®*: Help keep your business-critical data secure while in use by leveraging Azure’s leading confidential computing infrastructure and services.
  • Nutanix*: Nutanix supports SEV on AOS. AMD and Nutanix are working to enable SEV on the Nutanix AHV hypervisor.
  • VMware®: VMware vSphere® 7.0 U1 and above offer out-of-the-box host-level SEV-ES support for virtual machines, and vSphere 7.0 U2 extends this protection to containers running operating systems that support SEV-ES, such as SUSE 15.

Operating System Support

All major Linux® distributions have out-of-the-box support for SEV, including

Additional Ecosystem Engagements

The flexibility and scalability of cloud environments may make them an ideal choice for your IT needs. These architectures are continuing to evolve as newer designs are developed that further reduce system overhead and provide design approaches where security is a priority consideration. This video* gives a good example.

AMD has played a leadership role in developing hardware-based security, and we continue to develop and enhance these features throughout the software ecosystem. I’m proud of the great strides we have made together with our stakeholders to build a robust ecosystem for confidential computing.

In a future blog, I’ll talk more about the OS stacks that enable each of the three current tiers (SEV, SEV-ES, and SEV-SNP) of AMD EPYC CPU-based security features. I’ll also have some exciting news to share as 2022 continues. Stay tuned!

Raghu Nambiar is a Corporate Vice President of Data Center Ecosystems and Solutions for AMD. His postings are his own opinions and may not represent AMD’s positions, strategies or opinions. Links to third party sites are provided for convenience and unless explicitly stated, AMD is not responsible for the contents of such linked sites and no endorsement is implied.


  1. AMD Infinity Guard features vary by EPYC™ Processor generations. Infinity Guard security features must be enabled by server OEMs and/or Cloud Service Providers to operate. Check with your OEM or provider to confirm support of these features. Learn more about Infinity Guard at GD-183
  2. See for additional information.

*Links to third party sites are provided for convenience and unless explicitly stated, AMD is not responsible for the contents of such linked sites and no endorsement is implied.

About the Author
Raghu Nambiar currently holds the position of Corporate Vice President at AMD, where he leads a global engineering team dedicated to shaping the software and solutions strategy for the company's datacenter business. Before joining AMD, Raghu served as the Chief Technology Officer at Cisco UCS, instrumental in driving its transformation into a leading datacenter compute platform. During his tenure at Hewlett Packard, Raghu made significant contributions as an architect, pioneering several groundbreaking solutions. He is the holder of ten patents, with several more pending approval, and has made extensive academic contributions, including publishing over 75 peer-reviewed papers and 20 books in the LNCS series. Additionally, Raghu has taken on leadership roles in various industry standards committees. Raghu holds dual Master's degrees from the University of Massachusetts and Goa University, complemented by completing an advanced management program at Stanford University.