Morphisms: Confidential Serverless Containers

AMD SEV-SNP

AMD SEV-SNP (Secure Encrypted Virtualization with Secure Nested Paging) is a virtual machine based confidential computing technology built on AMD-V, AMD's hardware virtualization extension. Virtual machines protected by SEV-SNP are called Confidential Virtual Machines (cVMs). A major advantage over process-based enclaves such as SGX is that SEV-SNP is transparent to application software: a cVM runs any user-space software unmodified and unrestricted, because a complete, trusted operating system runs inside the cVM. The one requirement is that the guest kernel itself supports SEV-SNP; it must, for example, set the encryption bit (C-bit) in its page tables for private memory and handle the #VC exceptions that replace the intercepts a hypervisor would otherwise perform on the guest's behalf. Current Linux kernels do this out of the box.

Like enclaves, cVMs are isolated from the rest of the software stack by memory encryption and access control enforced by the CPU. SEV-SNP protects against malicious code running at higher privilege levels (the hypervisor and the host operating system) and against physical attacks on system memory. The potentially malicious hypervisor is still used to manage the resources and lifecycle of the cVM and for device emulation, so everything it provides is untrusted input. Because guest memory is encrypted with a key the hypervisor never holds, and SNP additionally guarantees the integrity of that memory against remapping and replay by the hypervisor, the cVM can protect itself from the hypervisor. AMD SEV-SNP has the same threat model as described in Threat Model.
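How a guest kernel discovers the facilities described above is worth seeing concretely. The following Python is an added example, not code from the Morphisms project or from AMD: it decodes CPUID leaf 0x8000001F (the capability leaf a kernel consults for SEV/SEV-ES/SEV-SNP support, the C-bit position and the VMPL count) and the SEV_STATUS MSR (0xC0010131), and shows how the C-bit turns a page-table entry private or shared. Every register value is a constructed sample rather than a reading from real hardware, and the helper names (`decode_cpuid_8000001f`, `guest_mode`, `consistent`, and so on) are this example's own, not kernel APIs.

```python
# Added example (not from the Morphisms project): decode the two hardware
# interfaces a guest kernel uses to learn whether, and how, it runs under
# AMD SEV / SEV-ES / SEV-SNP. Field layouts follow AMD's CPUID leaf
# 0x8000001F and the SEV_STATUS MSR; all values below are constructed.
from dataclasses import dataclass

CPUID_LEAF_SEV = 0x8000001F   # "Encrypted Memory Capabilities" leaf
MSR_AMD64_SEV = 0xC0010131    # SEV_STATUS, readable inside the guest


@dataclass(frozen=True)
class SevCapabilities:
    sme: bool                  # EAX[0]  Secure Memory Encryption
    sev: bool                  # EAX[1]  Secure Encrypted Virtualization
    sev_es: bool               # EAX[3]  Encrypted State (register encryption)
    sev_snp: bool              # EAX[4]  Secure Nested Paging
    vmpl: bool                 # EAX[5]  VM Permission Levels
    c_bit: int                 # EBX[5:0]   PTE bit that marks a page encrypted
    phys_addr_reduction: int   # EBX[11:6]  physical address bits lost to the C-bit
    num_vmpl: int              # EBX[15:12] number of VMPLs
    max_encrypted_guests: int  # ECX  simultaneously supported encrypted guests
    min_sev_asid: int          # EDX  lowest ASID usable for an SEV (non-ES) guest


def decode_cpuid_8000001f(eax: int, ebx: int, ecx: int, edx: int) -> SevCapabilities:
    """Parse the four 32-bit registers returned by CPUID 0x8000001F."""
    return SevCapabilities(
        sme=bool(eax & 1),
        sev=bool((eax >> 1) & 1),
        sev_es=bool((eax >> 3) & 1),
        sev_snp=bool((eax >> 4) & 1),
        vmpl=bool((eax >> 5) & 1),
        c_bit=ebx & 0x3F,
        phys_addr_reduction=(ebx >> 6) & 0x3F,
        num_vmpl=(ebx >> 12) & 0xF,
        max_encrypted_guests=ecx & 0xFFFFFFFF,
        min_sev_asid=edx & 0xFFFFFFFF,
    )


def encryption_mask(caps: SevCapabilities) -> int:
    """The C-bit as a mask the guest kernel ORs into page-table entries."""
    return 1 << caps.c_bit


def set_private(pte: int, caps: SevCapabilities) -> int:
    """Mark a page private: its contents are encrypted with the guest's key."""
    return pte | encryption_mask(caps)


def set_shared(pte: int, caps: SevCapabilities) -> int:
    """Clear the C-bit: the page is plaintext, usable for hypervisor I/O."""
    return pte & ~encryption_mask(caps)


def is_private(pte: int, caps: SevCapabilities) -> bool:
    return bool(pte & encryption_mask(caps))


def usable_phys_bits(reported_phys_bits: int, caps: SevCapabilities) -> int:
    """Address width left once encryption is on: CPUID 0x80000008 reports the
    full width, and PhysAddrReduction bits become reserved for the C-bit."""
    return reported_phys_bits - caps.phys_addr_reduction


def guest_mode(sev_status_msr: int) -> str:
    """Protection level this guest actually runs with, from SEV_STATUS:
    bit 0 SEV, bit 1 SEV-ES, bit 2 SEV-SNP (highest enabled level wins)."""
    if (sev_status_msr >> 2) & 1:
        return "SEV-SNP"
    if (sev_status_msr >> 1) & 1:
        return "SEV-ES"
    if sev_status_msr & 1:
        return "SEV"
    return "none"


def consistent(caps: SevCapabilities, sev_status_msr: int) -> bool:
    """CPUID is supplied by the hypervisor; flag a mode the MSR reports
    enabled that CPUID claims the CPU does not support."""
    mode = guest_mode(sev_status_msr)
    supported = {"none": True, "SEV": caps.sev, "SEV-ES": caps.sev_es,
                 "SEV-SNP": caps.sev_snp}
    return supported[mode]


# Constructed sample: CPU advertising SME, SEV, SEV-ES, SEV-SNP and VMPL,
# C-bit at PTE bit 47, 5 reserved address bits, 4 VMPLs, 509 guest slots.
SAMPLE_EAX = 0x3B                          # bits 0, 1, 3, 4, 5
SAMPLE_EBX = 47 | (5 << 6) | (4 << 12)     # == 0x416F
SAMPLE_ECX = 509
SAMPLE_EDX = 1
SAMPLE_SEV_STATUS = 0b111                  # SEV + SEV-ES + SEV-SNP enabled
SAMPLE_PTE = 0x123456063                   # constructed PTE: frame 0x123456000, P|RW|A|D

if __name__ == "__main__":
    caps = decode_cpuid_8000001f(SAMPLE_EAX, SAMPLE_EBX, SAMPLE_ECX, SAMPLE_EDX)
    print(caps)
    print("mode:", guest_mode(SAMPLE_SEV_STATUS),
          "cpuid consistent:", consistent(caps, SAMPLE_SEV_STATUS))
    print("private PTE:", hex(set_private(SAMPLE_PTE, caps)))
    print("usable physical bits:", usable_phys_bits(48, caps))
```

The `consistent` check exists because of the threat model above: under plain SEV the hypervisor answers CPUID for the guest and can lie, so a guest should trust the SEV_STATUS MSR and its attestation over CPUID. Under SEV-SNP the CPUID values come from a CPUID page that the AMD-SP firmware validates at launch, which is part of why SNP can promise the guest a trustworthy view of its own configuration.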

The AMD Secure Processor (AMD-SP, also known as the Platform Security Processor, PSP) is a dedicated security co-processor integrated into the AMD processor, separate from the x86 cores. It runs the AMD-signed and integrity-protected SEV firmware, implements the SEV functionality (guest launch and measurement, key management, attestation reports) and exposes an SEV-specific API to software such as the hypervisor; on Linux the host reaches this API through the /dev/sev device. The AMD-SP has its own isolated memory, so the keys it manages are never exposed to software running on the x86 cores.


Last updated 1 year ago