The upcoming Fedora 34 distribution is expected to introduce a new feature that no one else has yet. It will feature sevctl & ; an open-source utility for managing the Secure Encrypted Virtualization (SEV) on AMD EPYC processors. This utility displays different details of SEV, allows managing certificates, platform status and so on. It implements all the basic features available through the SEV API. SEV technology, remember, allows to isolate virtual machines by encrypting their memory using AES (128 bit) algorithm using unique keys managed by a separate AMD Secure Processor SoC, located right inside EPYC chips. AMD technology appeared in the first generation of EPYC 7001 (Naples) processors. AMD implemented SEV support in the Linux kernel and related parts of the open-source virtualization stack. In EPYC 7002 (Rome), the company increased the number of available memory encryption keys from 15 to 509, and EPYC 7003 (Milan) added the SEV-SNP (Secure Nested Paging) extension, which protects guest systems from attempts to tamper with their memory by the hypervisor. The sevctl utility itself has been released under the Apache 2.0 license as part of the Enarx project to work with trusted runtime environments from various vendors. Its source code is available on GitHub. It is also available in the repository. And Fedora 34 itself is scheduled for release at the end of April of this year.
0 Comments