Explore Confidential Computing with AMD SEV-SNP in SUSE Linux

Discover how SUSE Linux Enterprise Server 15-SP6 brings AMD SEV-SNP to confidential computing as a technology preview. Learn about the enhanced security features for virtual machines and how to get started with this cutting-edge technology.

As a member of the Confidential Computing Consortium SUSE has a long history of shipping the latest upstream technologies for confidential computing to its customers. In 2022 SUSE Linux Enterprise Server 15-SP4 was one of the first products bringing the AMD SEV-ES feature to enterprise customers.

Today we announce the general availability of the Confidential Computing Module for SUSE Linux Enterprise Server 15-SP6, which brings the AMD SEV-SNP confidential computing feature as a technology preview to interested users.

What is Confidential Computing?

The term Confidential Computing is widely used today to describe a range of technologies which protect data-in-use. Compared to data being in transit (via networks) or at rest (on disk), confidential computing protects data while it is loaded into the memory of the physical machine.

Confidential computing ensures the privacy and integrity of data and code in a trusted execution environment (TEE). A TEE is provided by hardware measures and can cryptographically prove its integrity.

At the lowest layer confidential computing is enabled by a set of hardware features to run TEEs, which provide:

• Isolation from other execution environments on the same physical machine. Hardware architectures isolate the memory and the execution state of the TEE, making it inaccessible to the rest of the system, including TEE management software.
• Attestation of TEE state. With attestation, confidential computing hardware provides a cryptographic proof of the (initial) execution state of the TEE, serving as a root-of-trust for software managed runtime attestation features.

Several hardware and platform architecture vendors integrated confidential computing functionality into their products. There are two main types:

• Enclave-based Confidential Computing establishes a TEE within a running program. This keeps TEE footprint is small and easier to attest and certify. The downside is that software needs to be modified to use enclaves.
• Virtualization-based Confidential Computing protects a full confidential virtual machine (CVM) environment. The CVM can run a full operating system with any existing workload. The full operating system in the CVM makes attestation more challenging.

SUSE Linux Enterprise Server 15-SP6 now has packages for AMD Secure Encrypted Virtualization with Secure Nested Paging (AMD SEV-SNP) as a Technology Preview, a virtualization-based confidential computing extension for AMD EPYC processors.

AMD Secure Encrypted Virtualization

AMD SEV-SNP is a confidential computing hardware technology present in AMD EPYC processors from generation 3 and newer. It is based on hardware virtualization extensions and achieves isolation by adding these measures:

• Full memory encryption. The memory of the virtual machine is encrypted by default, making all of its code and data invisible to the virtual machine manager (VMM) or any other software running on the same physical machine. A unique memory encryption key, which is never accessible to software, is generated by the hardware for each virtual machine. The operating system in the virtual machine can decide to make part of the  memory visible to the VMM for communication purposes.
• Full state encryption. The register state, including instruction pointer, stack pointer and FPU state are encrypted and protected from external modification. This completes the privacy of data and ensures the integrity of the execution flow.
• Memory Integrity Protection. Any data and code in the confidential virtual machine is integrity protected so that the VMM or other external software can not modify the encrypted memory by, e.g., replaying older copies of the same memory or by remapping encrypted memory to other guest addresses.
• Launch Attestation. AMD SEV-SNP hardware will provide a secure hash over the initial execution state of the virtual machine and signs that hash with a secret key. The secret key is certified with a chain reaching up to a product specific AMD root certificate. The result can be queried by the TEE via an Attestation Report and serves as a cryptographic proof for the correct setup of the TEE.

Besides others these are the most important features provided by AMD SEV-SNP for running a confidential virtual machine.

AMD SEV-SNP in SUSE Linux Enterprise Server 15-SP6

SUSE Linux Enterprise distributions fully support running as a guest operating system in an AMD SEV-SNP protected environment since version 15-SP4, providing a solid and enterprise-ready base for running confidential workloads at all major cloud service providers.

Today AMD SEV-SNP for SUSE Linux Enterprise enters a new phase by adding the ability to run confidential virtual machines on premises with our latest product. In particular, SUSE added AMD SEV-SNP functionality to these components of the Confidential Computing Module for SUSE Linux Enterprise Server 15-SP6:

• Linux Kernel. Our confidential compute kernel provides the KVM interface to make AMD SEV-SNP functionality accessible to the QEMU VMM.
• QEMU. A patched QEMU that can use the confidential computing features of the Linux kernel.
• LibVirt provides the management layer to set up and run confidential virtual machines protected by AMD SEV-SNP.

SUSE provides AMD SEV-SNP to interested customers and partners as a Technology Preview. This Confidential Computing Module contains updated packages for the Linux kernel, QEMU, and Libvirt which serve as replacements for the default packages shipped with SUSE Linux Enterprise. The packages in the module are currently not covered by SUSE’s enterprise support.

Interested users can activate the module and install the replacement packages on their AMD EPYC hardware to experience the security of confidential computing.

Outlook

The AMD SEV-SNP feature is available as an unsupported Technology Preview for SUSE Linux Enterprise Server 15-SP6. With SUSE Linux Enterprise Server 15-SP7 the feature will be part of the main distribution, making it available to all customers and partners with full enterprise support.

This article is the first in a series of blog posts around new confidential computing features in SUSE products. In the next weeks follow-on articles will describe in detail how to enable AMD SEV-SNP on SUSE Linux Enterprise Server 15-SP6 and run confidential virtual machines, how to cryptographically prove the integrity of the CVMs and how to securely run complex confidential workloads.