AMD released the SEV source code to protect virtual machines

AMD is an American processor company

A few days ago, AMD announced in a blog post the release of the source code of its AMD SEV (Secure Encrypted Virtualization) security mechanism, which aims to protect virtual machines from being compromised by a hypervisor or a host system administrator.

Recall that AMD launched SEV in 2016 as a secure encrypted virtualization solution, with which it solved various problems in traditional virtualization technologies, where the hypervisor had access to guest data.

It is worth mentioning that AMD has already included SEV support in the main branch of the Linux kernel, both for the host and for KVM.

Regarding the release, the main reason cited for publishing the code is to demonstrate commitment to open source ideas (for example, AMD is already developing the open project openSIL related to firmware) and to promote an initiative to increase the transparency of security-related technologies.

In particular, the provided source code will allow an independent audit of the AMD SEV implementation.

“We applaud AMD's decision to make portions of its security firmware available for public inspection. This is fully in line with the Azure Confidential Computing philosophy of embracing open source and opening up our own code where practical.” Mark Russinovich, Azure CTO and Microsoft Technical Fellow.

Regarding functionality, AMD SEV protection is implemented using hardware-level encryption of virtual machine memory: only the guest system that owns the memory has access to the decrypted data, while the rest of the virtual machines and the hypervisor receive an encrypted data set when they try to access this memory.

The encryption keys are managed by a separate on-chip PSP (Platform Security Processor), implemented on the basis of the ARM architecture. The technology is compatible with the AMD EPYC family of server processors.

AMD EPYC processors are recognized for their performance and security features, which are designed to protect data at rest, in motion, and in use. These processors are increasingly being used in a growing portfolio of cloud service compute-enabled virtual machines, including Amazon Web Services (AWS), Google Cloud, Microsoft Azure, and Oracle Compute Infrastructure (OCI).

"As the leader in confidential computing, we are committed to a relentless pursuit of innovation and the creation of modern security features that complement the most advanced cloud offerings from our ecosystem partners," said Mark Papermaster, AMD executive vice president and chief technology officer.

“By sharing the fundamentals of our SEV technology, we provide transparency for confidential computing and demonstrate our dedication to open source. Engaging the open source community will further strengthen this critical technology for our partners and customers who expect nothing less than the utmost protection for their most valuable asset – their data.”

With regard to the license under which the AMD SEV firmware code was released, it allows you to use, copy, modify, distribute and create derivative works for use with AMD hardware only.

The license prohibits the inclusion of code in products distributed under other infringing licenses or patents. Firmware development continues internally at AMD, which has no intention of accepting third-party changes, but will consider feedback.

For those interested in the code, please note that it is released under a separate license agreement and corresponds to the SEV FW 1.55.25 firmware used in the fourth-generation AMD EPYC processors. It can be found on GitHub in the following repository.

Finally, if you are interested in knowing more about it, you can check the details in the following link.

