security-misc

Provide the option to enable AMD SEV-ES and SEV-SNP

Open raja-grewal opened this issue 1 month ago • 2 comments

This pull request provides the options to enable two extensions of AMD Secure Encrypted Virtualization (SEV):

  • SEV-ES (Encrypted State) extends SEV by encrypting each guest's virtual CPU register state during VM exits, and
  • SEV-SNP (Secure Nested Paging) extends SEV by activating hardware-level memory integrity.

As suggested in https://github.com/Kicksecure/security-misc/pull/338#issuecomment-3588000749 by @ArrayBolt3.

Changes

There are no changes to the functionality of the codebase.

Provide the disabled by default options:

kvm_amd.sev_es=1
kvm_amd.sev_snp=1

Mandatory Checklist

  • [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these agreements:

Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

Optional Checklist

The following items are optional but might be requested in certain cases.

  • [x] I have tested it locally
  • [x] I have reviewed and updated any documentation if relevant
  • [ ] I am providing new code and test(s) for it

raja-grewal avatar Dec 11 '25 14:12 raja-grewal
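
A host-side check for whether the two options named in this pull request took effect, as an added example that is not part of security-misc or the pull request. It assumes the kvm_amd module exposes its parameters under /sys/module/kvm_amd/parameters with booleans read back as Y or N; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of security-misc.
# Assumption: kvm_amd booleans read back as Y or N under PARAM_DIR
# (/sys/module/kvm_amd/parameters on a live host).

# requested_value CMDLINE PARAM: last value given for kvm_amd.PARAM, or "unset".
requested_value() (
    set -f                                  # no globbing while word-splitting
    req=unset
    for tok in $1; do
        name=$(printf '%s' "${tok%%=*}" | tr '-' '_')   # kernel treats - and _ alike
        if [ "$name" = "kvm_amd.$2" ]; then
            case $tok in
                *=*) req=${tok#*=} ;;
                *)   req=1 ;;               # a bare boolean parameter means "on"
            esac
        fi
    done
    printf '%s\n' "$req"
)

# effective_value PARAM_DIR PARAM: Y, N, or "unavailable" if the file is missing.
effective_value() {
    if [ -r "$1/$2" ]; then
        tr -d '\n' < "$1/$2"
        echo
    else
        echo unavailable
    fi
}

# sev_report CMDLINE PARAM_DIR: one line per option; returns 1 when an option
# was requested as 1 but the module does not report it as Y.
sev_report() {
    rc=0
    for p in sev_es sev_snp; do
        r=$(requested_value "$1" "$p")
        e=$(effective_value "$2" "$p")
        printf '%s requested=%s effective=%s\n' "$p" "$r" "$e"
        if [ "$r" = 1 ] && [ "$e" != Y ]; then rc=1; fi
    done
    return "$rc"
}

# Check the running host only when invoked as: sh script.sh live
if [ "${1:-}" = live ]; then
    sev_report "$(cat /proc/cmdline)" /sys/module/kvm_amd/parameters
fi
```

A non-zero exit from `sev_report` means an option was requested on the command line but the loaded module does not report it as active, for example because the CPU or firmware does not support it.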