AMD SEV (confidential computing / "encrypted VMs")
Owner: teddy.astie

AMD Secure Encrypted Virtualization is an umbrella of AMD technologies used to build confidential VMs.

Guest memory is encrypted by the hardware, so the hypervisor and Dom0 (Xen/XCP-ng) cannot see what happens inside such a VM (aside from what the guest chooses to share with them). It is part of the ETSI requirements (REQ-H-CONF-003) and is expected in some environments (banks, defence, …).

This effort has been a work in progress on our side for quite a while and is now in a reasonably testable state. As of today, we have several experimental patch sets that add support for SEV and SEV-ES VMs (with some limitations), but upstreaming is still quite far away (and the requirements for it are still quite brittle).

It was, at least until the end of this year, funded by BPI, but there is still quite a lot of work to do.

In this session, I would like to discuss:

  • current state (and requirements outside of SEV alone)
  • next steps and upstreaming plan
  • SEV-SNP and SEV-TIO
  • remote attestation, SVSM?
  • (longer-term) future integration into XCP-ng (XAPI, XO, …)