AMD’s Secure Encrypted Virtualization Came From Work on Consoles

(Image credit: AMD)

According to Forrest Norrod, Senior Vice President at AMD for Data Center and Embedded Solutions, AMD’s work on Xbox One and PlayStation 4 led to the development of the Secure Encrypted Virtualization (SEV) feature for the company’s EPYC servers. 

SEV A Must-Have Security Feature For Cloud Companies

Norrod believes that SEV will become a must-have feature for data center companies in the coming years:

"I think that it in three to four years, it will be ridiculous to even consider deploying a VM in the cloud if you can't control and isolate that thing cryptographically from the cloud provider.”

AMD started developing SEV when it was working on semi-custom chips for Microsoft’s Xbox One and Sony’s PlayStation 4, both of which launched in 2014. Norrod noted that the previous console generations were easily hacked, so console gaming piracy was rampant:

"Previous generations of the game consoles could be hacked, and so you could go down to probably any number of places within a 10-mile radius [and] buy a 4-terabyte hard drive [with] every PlayStation 3 game ever written on that hard drive.”

For the Xbox One and PS4, AMD implemented cryptographic isolation, which meant the developers of console games didn’t have to trust the players not to pirate their games. Norrod said learned about this feature soon after he joined AMD in 2014 and that he put it on the roadmap for the EPYC server chips. 

Norrod saw the potential of the feature for virtual machines and containers hosted in the cloud - in the same way console game developers don’t have to trust console owners, developers of cloud applications don’t have to trust the data center owners not to steal sensitive information from their applications.

What Is AMD’s SEV?

AMD’s Secure Encrypted Virtualization feature for EPYC chips enables the encryption of the entire memory of virtual machines on AMD-powered servers with no code changes required from the virtualized application developers (however, it needs to be enabled by the host operating system and hypervisor).

The difference between AMD’s SEV and Intel’s Software Guard eXtensions (SGX) is that SGX encrypts only a small portion of an application’s code, such as the part where the encryption keys are stored. AMD’s SEV encrypts the full running code of a virtualized application. 

There are upsides and downsides to both approaches. In theory, AMD’s SEV is better, because it encrypts more. However, in practice, that also means that it may not be as secure, as the attack surface of the encrypted code is much larger. Intel has also started working on a similar feature, called Multi-Key Total Memory Encryption (MKTME), but it should be a while before we see it on the market.

The first generation EPYC servers could only generate 15 encryption keys, but the second generation is capable of generating 509 keys. The keys are generated by AMD’s PSP, which comes with an Arm secure co-processor. These co-processors can’t be accessed by the hypervisor or virtual machines.

AMD's SEV Coming to A Server Near You

AMD worked with VMWare for the second-generation EPYC processors, so VMWare will support SEV in the next version of its VSphere virtualization software. IBM’s Red Hat and other Linux distributions will also support the feature soon. 

Said Norrod:

"You're going to be able to have a whole new level of security that you can control independent of your cloud provider.”

Dominic Daninger, a VP at Nor-Tech, a systems builder and partner to AMD, said that the high core count in the second-generation EPYC chips. He also called the new and improved SEV feature should be appealing to "anyone doing serious virtualization."

Virtualization-Based Security for Mainstream Users?

Virtualization has started to become an increasingly more common feature used by mainstream users, too. Microsoft also introduced the Windows Defender Application Guard, which contains a version of the Edge browser in a virtualized environment. Meanwhile, more recently introduced Windows Sandbox also allows users to create a "disposable Windows environment" in which they are free to try riskier applications or email attachments.

As Windows and other operating systems start taking advantage of virtualization-based security, it also makes AMD's Secure Encrypted Virtualization feature a bigger necessity not just for data center customers, but also PC and laptop buyers. AMD hasn't given any indication yet that SEV will be coming to consumer Ryzen chips.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.