AMD Publishes Source Code for Secure Encrypted Virtualization Technology

AMD has released the source code for its Secure Encrypted Virtualization (SEV) technology, which is used in AMD EPYC processor-based confidential computing virtual machines (VMs) offered by cloud service providers such as Amazon Web Services (AWS), Google Cloud, Microsoft Azure, and Oracle Compute Infrastructure (OCI). This move by AMD aims to enhance transparency in the security industry and allow customers to thoroughly examine the technology behind confidential computing VMs powered by AMD EPYC processors.

"As a leader in confidential computing, we are committed to continuous innovation and the development of modern security features that complement the advanced cloud offerings of our ecosystem partners," said Mark Papermaster, Executive Vice President and Chief Technology Officer at AMD. "By sharing the foundations of our SEV technology, we are promoting transparency in confidential computing and demonstrating our dedication to open source. Involving the open-source community will further strengthen this critical technology for our partners and customers who expect the highest level of data protection."

Google Cloud's VP of Cloud Security, Jeff Reed, commented, "At Google Cloud, we are focused on helping customers protect their data throughout its entire lifecycle. As the first cloud service provider to support AMD's encryption in use capability, this release represents another significant milestone in our long-standing collaboration to enable transparent, robust confidentiality of data in process at Google Cloud."

Microsoft Azure's Azure CTO and Technical Fellow, Mark Russinovich, also praised AMD's decision to make parts of their security firmware available for public inspection, stating, "This is totally in line with Azure confidential computing's philosophy of embracing open source and open sourcing our own code where practical."

Expanding Capabilities of Cloud Service Providers with AMD Processors

AMD EPYC processors offer top-notch performance and modern security features to protect data at rest, in motion, and in use. These processors are at the core of a growing range of confidential computing-enabled VMs offered by major cloud service providers, providing customers with the assurance they need to migrate sensitive workloads to the cloud. By utilizing AMD EPYC processors and the AMD Infinity Guard suite of security features, AMD remains a leading technology partner for confidential computing.

Some examples of how cloud service providers are leveraging AMD EPYC processors for confidential computing include:

  • AWS supports AMD EPYC powered confidential computing with SEV-SNP in the EC2 M6a, C6a, and R6a instances.
  • Google Cloud offers various ways to support Confidential Computing with AMD EPYC processors, including Confidential Spaces, General Availability of Confidential VMs and Confidential GKE as IAAS services, and confidential Dataflow and Confidential Dataflow based Analytics solutions.
  • Microsoft Azure uses AMD EPYC processors to power multiple confidential computing services, such as confidential virtual machines, confidential Azure Container instances, confidential VM node pools for Azure Kubernetes Service, Confidential VMs for SQL on Azure VMs, confidential VM cluster nodes for both Azure Databricks and Azure Data Explorer, and confidential VMs for Windows 11 Azure Virtual Desktop.
  • OCI provides high assurance of data control to its customers as they transition their workloads to the cloud, delivering the modern security features and impressive performance of the EPYC CPU-powered OCI E3 and E4-based Confidential VMs.

Customers Advancing Security in the Public Cloud

Customers like AstraZeneca and MonetaGo are embracing AMD SEV technology to encrypt full system memory and individual VM memory, expanding their offerings for customers. The AMD EPYC processor portfolio provides an all-in feature set with modern security features to power optimized compute infrastructure for workloads that require the highest level of confidentiality.

Supporting Resources: