Upcoming x86 Technologies for Malicious Hypervisor Protection

Explore AMD's next-generation x86 virtualization isolation technology, SEV-SNP (Secure Nested Paging), in this 40-minute Linux Foundation conference talk by David Kaplan from AMD. Discover how SEV-SNP builds upon existing AMD SEV and SEV-ES features to provide enhanced hardware security designed to protect virtual machines from malicious hypervisors. Learn about new memory integrity protection, use models, and increased flexibility in attestation and VM management for protected VMs in hostile environments. Delve into the specific security measures provided by the SEV-SNP architecture, its stronger threat model, and the new hardware structures and x86 instructions being implemented. Gain insights into the potential impacts on the open-source ecosystem and areas where Linux may leverage these new protections. Topics covered include threat models, VM threats, integrity enforcement, RMP checks, page validation, interrupt protections, trusted platform information, guest launch, TCB versioning, VM attestation, migration, and side channels.