AMD has published the source code for AMD Secure Encrypted Virtualisation (SEV) technology, the backbone of AMD EPYC processor-based confidential computing virtual machines (VMs) available from cloud service providers including Amazon Web Services (AWS), Google Cloud, Microsoft Azure and Oracle Compute Infrastructure (OCI).
This release from AMD will drive greater transparency for the security industry and provide customers the opportunity to thoroughly review the technology behind confidential computing VMs powered by AMD EPYC processors.
“As a leader in confidential computing, we are committed to a relentless pursuit of innovation and creating modern security features that complement our ecosystem partners’ most advanced cloud offerings,” says Mark Papermaster, executive vice-president and chief technology officer at AMD. “By sharing the underpinnings of our SEV technology, we are delivering transparency for confidential computing and demonstrating our dedication to open source.
“Involving the open-source community will further strengthen this critical technology for our partners and customers who expect nothing less than the utmost protection for their most valuable asset – their data.”
Jeff Reed, vice-president: cloud security at Google Cloud, comments: “At Google Cloud, we are mission-focused on helping customers protect their data throughout its entire lifecycle.
“As the first cloud service provider to support AMD’s encryption-in-use capability, this release represents another significant milestone in our long-standing collaboration to enable transparent, robust confidentiality of data in process at Google Cloud.”
Mark Russinovich, Azure chief technology officer and technical fellow at Microsoft, adds: “We applaud AMD’s decision to make portions of their security firmware available for public inspection. This is totally in line with Azure confidential computing’s philosophy of embracing open source and open sourcing our own code where practical.”
AMD EPYC processors are at the heart of a growing portfolio of confidential computing-enabled VMs from major cloud service providers, giving customers the assurance they need to move sensitive workloads into the cloud.
With AMD EPYC processors and the AMD Infinity Guard suite of security features, AMD continues to be a technology partner of choice for confidential computing, including:
- AWS supporting AMD EPYC powered confidential computing with SEV-SNP in the EC2 M6a, C6a and R6a instances.
- Google Cloud supports Confidential Computing with AMD EPYC processors in numerous ways. This includes Confidential Spaces for privacy-focused use cases such as joint data analysis and machine learning model training; General Availability of Confidential VMs and Confidential GKE as IaaS services; and confidential Dataflow and Confidential Dataflow-based Analytics solutions.
- Microsoft Azure using AMD EPYC processors to power multiple confidential computing services, including confidential virtual machines, confidential Azure Container instances, confidential VM node pools for Azure Kubernetes Service, Confidential VMs for SQL on Azure VMs, confidential VM cluster nodes for both Azure Databricks and Azure Data Explorer, and confidential VMs for Windows 11 Azure Virtual Desktop. These services are designed to offer hardware-based trusted execution environments leveraging AMD SEV-SNP, which hardens guest protections, helping to guard against external threats and operator access.
- Oracle Compute Infrastructure (OCI) provides its customers a high assurance of data control as customers transition their workloads to the cloud while delivering the modern security features and impressive performance of the EPYC CPU-powered OCI E3 and E4-based Confidential VMs.