Add SEV getting started guide for users #171
base: main
Conversation
Signed-off-by: Harika Nittala <[email protected]>
DGonzalezVillal
left a comment
I think the guide could use a bit more clarity around its main intention.
From my perspective, the goal of this guide should be to quickly introduce SEV and provide concise setup instructions for SNP. I emphasize SNP because that’s the feature we want users to focus on adopting, so it’s probably not necessary to go too deep into SEV-specific details.
I added some suggestions to help improve the organization of the guide and narrow its scope a bit. I think it’s meant for users who want to start using SNP but may not know how to get started.
One additional note — for users who simply want to use SNP (not certify an OS), we probably shouldn’t direct them to use the artifacts from this repository. Instead, they should check which operating systems we’ve already certified and then download the official releases for their hosts or guests. The images in this repo are minimized and slightly modified versions of the official ones, so they’re not intended for real production environments.
| @@ -0,0 +1,93 @@ | |||
| # Getting Started Guide for AMD Security Feature(SEV) on AMD EPYC Processor | |||
| # Getting Started Guide for AMD Security Feature(SEV) on AMD EPYC Processor | |
| # Enabling AMD Security Features in AMD EPYC Processors |
| ## SEV Introduction | ||
| When a virtual machine is started, data is loaded into memory (RAM). This makes the data vulnerable to software or hardware probing by attackers on the host system, especially in shared environments like cloud computing, where resources are shared by many tenants. For this reason, users must ensure that the data in RAM is secure and protected from both attackers and hypervisors. This reduces the amount of trust virtual machines need to place in the hypervisor and the host system's administrators. |
| When a virtual machine is started, data is loaded into memory (RAM). This makes the data vulnerable to software or hardware probing by attackers on the host system, especially in shared environments like cloud computing, where resources are shared by many tenants. For this reason, users must ensure that the data in RAM is secure and protected from both attackers and hypervisors. This reduces the amount of trust virtual machines need to place in the hypervisor and the host system's administrators. | |
| When a virtual machine (VM) starts, data is loaded into system memory (RAM). This data can be vulnerable to software or hardware probing by attackers on the host system—especially in shared environments like cloud platforms, where multiple tenants share the same physical resources. To mitigate this risk, users must ensure that data in RAM is protected from both attackers and hypervisors. Doing so reduces the level of trust that virtual machines need to place in the hypervisor and host administrators. | |
| AMD EPYC processors introduce confidential computing technologies that provide memory encryption for virtualized environments, protecting data not only from physical attacks but also from other virtual machines and even the hypervisor itself. | |
| The following sections describe the different generations of Secure Encrypted Virtualization (SEV), each building on the previous generation and introducing new security capabilities and features: |
| **AMD's SEV (Secure Encrypted Virtualization)** is a technology used to protect KVM virtual machines (VMs) by transparently encrypting the memory of each VM with a unique key. SEV can also calculate a signature of the memory's content. This signature is provided to the VM's owner as an attestation to prove that the memory was correctly encrypted by the firmware. |
| **AMD's SEV (Secure Encrypted Virtualization)** is a technology used to protect KVM virtual machines (VMs) by transparently encrypting the memory of each VM with a unique key. SEV can also calculate a signature of the memory's content. This signature is provided to the VM's owner as an attestation to prove that the memory was correctly encrypted by the firmware. | |
| **SEV (Secure Encrypted Virtualization)**: is the first generation of the security features. It protects KVM virtual machines (VMs) by transparently encrypting the memory of the VM using a unique key. |
| **AMD's SEV-ES (Secure Encrypted Virtualization - Encrypted State)** is a technology that encrypts all CPU register contents when a VM halts running, preventing the information leak from the CPU registers to components like hypervisor. |
| **AMD's SEV-ES (Secure Encrypted Virtualization - Encrypted State)** is a technology that encrypts all CPU register contents when a VM halts running, preventing the information leak from the CPU registers to components like hypervisor. | |
| **ES (Encrypted State)**: is the second generation of SEV. It adds CPU register encryption when a VM stops running, preventing the information leak from the CPU registers to components like the hypervisor. |
| **AMD's SEV-SNP (AMD Secure Encrypted Virtualization-Secure Nested Paging)** is a technology which adds strong memory integrity protection on top of AMD's SEV and SEV-ES to aid in preventing malicious hypervisor-based attacks(data replay, memory mapping and so on) to create an isolated execution environment. |
| **AMD's SEV-SNP (AMD Secure Encrypted Virtualization-Secure Nested Paging)** is a technology which adds strong memory integrity protection on top of AMD's SEV and SEV-ES to aid in preventing malicious hypervisor-based attacks(data replay, memory mapping and so on) to create an isolated execution environment. | |
| **SNP (Secure Nested Paging)**: is the third generation of SEV. It adds strong memory integrity protection on top of SEV and ES to aid in preventing malicious hypervisor-based attacks(data replay, memory mapping and more) to create an isolated execution environment. SNP also introduces several additional optional security enhancements designed to support additional VM use models, offer stronger protection around interrupt behavior, and offer increased protection against recently disclosed side channel attacks. It also introduces a new attestation model that allows run-time attestation in SNP protected VMs. |
| $ qemu-system-x86_64 \ | ||
| -enable-kvm \ | ||
| -machine q35 \ | ||
| -cpu EPYC-v4 \ | ||
| -machine memory-encryption=sev0 \ | ||
| -monitor none \ | ||
| -display none \ | ||
| -object memory-backend-memfd,id=ram1,size=<guest-ram-size> \ | ||
| -machine memory-backend=ram1 \ | ||
| -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1 kernel-hashes=on" \ | ||
| -bios <amdsev-ovmf-path> \ | ||
| -kernel <guest-user-image-path> |
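Review bot: the `sev-snp-guest` object line in this command is not parseable by QEMU: `reduced-phys-bits=1 kernel-hashes=on"` separates two properties with a space instead of a comma and carries a stray closing quote, so it should read `-object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,kernel-hashes=on \`. The last line passes `<guest-user-image-path>` to `-kernel`, but `-kernel` expects a kernel image or a UKI, not a disk image; a qcow2 or raw guest image belongs on a drive option such as `-hda`, and `kernel-hashes=on` only does anything when the guest is direct-booted through `-kernel`/`-initrd`/`-append`, so the guide should show the two boot modes separately rather than mixing them. Also, `cbitpos=51` and `reduced-phys-bits=1` are host-specific values, not constants: the guide should tell readers to read them from CPUID Fn8000_001F EBX on the host (bits 5:0 give the C-bit position, bits 11:6 the physical address bit reduction) before copying the command.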
| $ qemu-system-x86_64 \ | |
| -enable-kvm \ | |
| -machine q35 \ | |
| -cpu EPYC-v4 \ | |
| -machine memory-encryption=sev0 \ | |
| -monitor none \ | |
| -display none \ | |
| -object memory-backend-memfd,id=ram1,size=<guest-ram-size> \ | |
| -machine memory-backend=ram1 \ | |
| -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1 kernel-hashes=on" \ | |
| -bios <amdsev-ovmf-path> \ | |
| -kernel <guest-user-image-path> | |
| $ qemu-system-x86_64 \ | |
| -enable-kvm \ | |
| -machine q35 \ | |
| -cpu EPYC-v4 \ | |
| -machine memory-encryption=sev0 \ | |
| -monitor none \ | |
| -display none \ | |
| -object memory-backend-memfd,id=ram1,size=<guest-ram-size> \ | |
| -machine memory-backend=ram1 \ | |
| -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1 kernel-hashes=on\ | |
| -bios <amdsev-ovmf-path> \ | |
| -hda path-to-image |
Also you have an extra quotation mark (") that messes everything up.
| `amdsev-ovmf-path` refers to the AMDSEV UEFI compatible guest firmware located at either `/usr/share/ovmf/OVMF.amdsev.fd` or `/usr/share/edk2/ovmf/OVMF.amdsev.fd` based on your host linux distribution. | ||
| `guest-user-image-path` refers to your custom guest image file path. |
Also in your command remember that UKIs can be booted using the -kernel parameter, but regular qcow2 images can't. So it would be important to note the difference.
| Guest users can refer to [QEMU documentation](https://www.qemu.org/documentation/) for the additional guest capabilities. |
Maybe point them here https://www.qemu.org/docs/master/system/i386/amd-memory-encryption.html to see more sev settings they can set.
| ### 3. Verifier | ||
| Verifiers seek to perform AMD' SEV validation checks to confirm the presence and functionality of AMD’s Secure Encrypted Virtualization features. These verifiers may include operating system vendors, hardware manufacturers, or OEMs evaluating support within their platforms, firmware, or pre-release operating systems. |
I don't really understand what a verifier is supposed to be. Someone that is verifying OS distros?
| - **Verify the presence of the newly added host and guest artifacts** under the `Development Images` release tag in the forked sev-certify repository. | ||
| - **Set up and execute the [dispatch](https://github.com/AMDEPYC/dispatch.git) tool** against the development branch of the forked repository. Instructions for configuring and running the dispatch tool with the current host artifacts can be found [here](https://github.com/AMDEPYC/sev-certify/blob/main/docs/how-to-generate-certs.md). | ||
| To validate a new OS pre-release, verifiers can run the dispatch tool on your `sev-certify` fork using the following command:: | ||
| ```sh | ||
| ./dispatch --owner <your GH username> --repo sev-certify <your-new-os-pre-release> | ||
| ``` | ||
| Alternatively, to download and utilize all existing host artifacts from your `sev-certify` fork, the following command may be used: | ||
| ```sh | ||
| ./dispatch --owner <your GH username> --repo sev-certify | ||
| ``` | ||
| - **Review the new sev-certificate** by examining the newly generated GitHub issues under the forked sev-certify repository, which detail the AMD's SEV feature status and validation outcomes. No newline at end of file |
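Review bot: the dispatch instructions in this region switch audience mid-sentence ("verifiers can run the dispatch tool on your `sev-certify` fork"), while the surrounding bullets address the verifier directly; pick one voice and keep it, and fix the doubled colon in "the following command::". The first command's only user-supplied argument, `<your-new-os-pre-release>`, is never defined; say what it is expected to be (the name of the pre-release tag in the fork carrying the new OS artifacts, if that is the intent) so readers know what to substitute. The file also ends without a trailing newline (the "No newline at end of file" marker), which is worth fixing before merge.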
Instead of writing these instructions you could point them to the guide that was already written about how to run the project.
Created easy-to-use Getting Started SEV guides for different users: