It looks like AMD-SEV is completely broken: https://arxiv.org/pdf/2108.04575.pdf, also posted here: Long term R&D: TEE enhanced IC (proposal) - #10 by lastmjs
Hello, sorry for the late reply. We have been focusing on bringing SEV-SNP enabled nodes on the BTC subnet. Here is the current plan and status:
- Complete SEV-SNP design - ongoing
- Move ahead with qualifying more Gen-2 hardware - ongoing
- Bring Gen-2 hardware to the IC (and BTC subnet in particular)
- Enable SEV-SNP for BTC subnet nodes.
We will keep the forum updated with the progress.
Will this be the first subnet that has SEV-SNP enabled nodes? Will other subnets soon enable this feature? Exciting stuff!
What is the latest update for SEV-SNP?
Hello!
We are currently actively working on this!
We are working on (1) rolling out SEV-SNP hardware and (2) developing software to support an SEV-SNP GuestOS.
SEV-SNP is a hardware-based security feature, which means we must test and onboard SEV-SNP enabled nodes. We have just begun onboarding new node providers with SEV-SNP enabled nodes (what we’re calling “gen2 node machines”). However, these machines are not yet running GuestOS VMs in SEV-SNP mode, as there is much work that must be done first.
Enabling GuestOS to run with SEV-SNP support is not trivial, as:
- This is still a new technology and is being actively developed.
- The gen2 SEV machines must interoperate with the gen1 non-SEV machines.
- When a node enters a subnet and begins communicating with peers, we must perform mutual attestation between each node in the subnet and the joining node to establish trust.
- The GuestOS upgrade process becomes more complicated. Now, in order to upgrade the GuestOS, an additional SEV-SNP enabled VM must be spun up and go through an attestation process before data can be transferred from the old VM to the new VM.
We are likely still a few months away from the first SEV-SNP enabled GuestOS running in production, but we will give more updates as we get closer!
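As an added illustration of the mutual attestation described above (example code, not from this thread or from the IC code base): each side challenges the peer with a fresh nonce, the peer answers with a signed report that binds the nonce and its GuestOS measurement, and the verifier checks the signer, the freshness and the measurement before trusting the peer. The report layout, the Ed25519 key standing in for the VCEK, and trusting the peer's public key directly are simplifications I made here; a real verifier also walks the VCEK certificate chain to AMD's root.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha512"
	"errors"
)

// Report is a constructed, reduced stand-in for an SEV-SNP attestation report.
type Report struct {
	Measurement [48]byte // launch digest of the GuestOS image
	ReportData  [64]byte // caller-chosen bytes; the verifier's nonce is bound here
	Sig         []byte   // signature over the two fields above
}
func (r *Report) signed() []byte { return append(r.Measurement[:], r.ReportData[:]...) }
// Node is one side of the exchange; its Ed25519 key stands in for the per-chip
// VCEK (ECDSA P-384 on real hardware) with which firmware signs reports.
type Node struct {
	Pub         ed25519.PublicKey
	priv        ed25519.PrivateKey
	Measurement [48]byte
}
// NewNode "boots" a GuestOS image; the measurement is simply its digest here.
func NewNode(image []byte) (*Node, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Node{Pub: pub, priv: priv, Measurement: sha512.Sum384(image)}, err
}
// Attest answers a peer's challenge with a report binding the nonce into ReportData.
func (n *Node) Attest(nonce [64]byte) *Report {
	r := &Report{Measurement: n.Measurement, ReportData: nonce}
	r.Sig = ed25519.Sign(n.priv, r.signed())
	return r
}
// Verify is the relying node's check: who signed, whether the report answers this
// nonce (freshness), and whether the GuestOS measurement is one the subnet accepts.
func Verify(r *Report, signer ed25519.PublicKey, nonce [64]byte, allowed map[[48]byte]bool) error {
	switch {
	case !ed25519.Verify(signer, r.signed(), r.Sig):
		return errors.New("report signature invalid")
	case r.ReportData != nonce:
		return errors.New("nonce mismatch: stale or replayed report")
	case !allowed[r.Measurement]:
		return errors.New("GuestOS measurement not in allowlist")
	}
	return nil
}
// Challenge verifies peer p against a fresh nonce; mutual attestation between a
// joining node and a subnet member is Challenge run in both directions.
func Challenge(p *Node, allowed map[[48]byte]bool) error {
	var nonce [64]byte
	rand.Read(nonce[:]) // fresh per challenge, so an old report cannot be replayed
	return Verify(p.Attest(nonce), p.Pub, nonce, allowed)
}
```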
Thanks for the update! Good luck with all of this work