

USER GUIDE AMD EPYC 9004, 7003, 7002, 7001

# Using SEV with AMD EPYC™ Processors

| Publication | Revision | Issue Date    |
|-------------|----------|---------------|
| 58207       | 1.1      | October, 2023 |

### © 2023 Advanced Micro Devices, Inc. All rights reserved.

The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD's products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.

#### **Trademarks**

AMD, the AMD Arrow logo, AMD EPYC, and combinations thereof are trademarks of Advanced Micro Devices, Inc. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.

\* Links to third party sites are provided for convenience and unless explicitly stated, AMD is not responsible for the contents of such linked sites and no endorsement is implied.

| Date      | Version | Changes         |
|-----------|---------|-----------------|
| Mar, 2023 | 1.0     | Initial release |
| Oct, 2023 | 1.1     |                 |

### **Audience**

This tuning guide is intended for a technical audience such as production deployment, virtualization developers, firmware engineers, and performance engineering teams with:

- A background in configuring servers.
- Access to the system BIOS.

### **Author**

Diego Gonzalez Villalobos and Anthony Hernandez






# **Table of Contents**

| Chapter / Section | Title                                      | Page |
|-------------------|--------------------------------------------|------|
| Chapter 1         | Security Features by Processor Generation  |      |
| 1.1               | 4th Gen (9xx4)                             |      |
| 1.2               | 3rd Gen (7xx3)                             |      |
| 1.3               | 2nd Gen (7xx2)                             |      |
| 1.4               | 1st Gen (7xx1)                             |      |
| Chapter 2         | Enabling/Disabling SMEE                    |      |
| 2.1               | Enabling SMEE in BIOS                      |      |
| 2.1.1             | AMD EPYC 9004 Series Processors            |      |
| 2.1.2             | AMD EPYC 7003 Series Processors            |      |
| 2.1.3             | AMD EPYC 7002 and 7001 Series Processors   |      |
| 2.2               | Enabling SMEE via MSR                      |      |
| 2.3               | Disabling SMEE in BIOS                     |      |
| 2.3.1             | AMD EPYC 9004 Series Processors            |      |
| 2.3.2             | AMD EPYC 7003 Series Processors            |      |
| 2.3.3             | AMD EPYC 7002 and 7001 Series Processors   |      |
| 2.4               | Disabling SMEE via MSR                     |      |
| 2.5               | Enabling TSME on All Processors            |      |
| 2.5.1             | Enabling TSME on All Processors            |      |
| 2.5.2             | Disabling TSME on All Processors           |      |
| Chapter 3         | Configuring SEV                            | 15   |
| 3.1               | AMD EPYC 9004 Series Processors            |      |
| 3.2               | AMD EPYC 7003 and 7002 Series Processors   |      |
| 3.3               | AMD EPYC 7001 Series Processors            |      |
| Chapter 4         | Enabling/Disabling SNP                     | 19   |
| 4.1               | Enabling SNP                               | 19   |
| 4.2               | Disabling SNP                              |      |
| Chapter 5         | OS Requirements                            |      |
| 5.1               | SEV                                        |      |
| 5.2               | SEV-ES                                     |      |
| 5.3               | SEV-SNP                                    |      |
| Chapter 6         | OS Enablement                              | 25   |
| 6.1               | Checking SEV Enablement                    | 25   |
| 6.2               | Enabling SEV                               |      |
| 6.2.1             | Additional Resources                       | 26   |
| 6.3               | Enabling SEV-SNP                           |      |
| Chapter 7         | Updating SEV Firmware                      | 27   |
| 7.1               | DownloadFirmware                           | 27   |
| 7.2               | DownloadFirmwareEX                         | 29   |
| Chapter 8         | Launching an Encrypted VM                  | 31   |
| 8.1               | Launching a VM with SEV Encryption         | 31   |
| 8.1.1             | Launching with QEMU                        | 31   |
| 8.1.2             | Launching with Libvirt                     |      |
| 8.2               | Launching a VM with SEV-ES Encryption      |      |
| 8.3               | Launching a VM with SEV-SNP Encryption     |      |
| Chapter 9         | Confidential Containers                    | 35   |
| Chapter 10        | Frequently Asked Questions                 | 37   |
| Chapter 11        | Performance Data                           | 41   |



# 1 Security Features by Processor Generation

AMD EPYC processors have the following security features by generation:

# 1.1 4th Gen (9xx4)

- Secure Encrypted Virtualization (SEV)
- Secure Encrypted Virtualization Encrypted State (SEV-ES)
- Secure Nested Paging (SEV-SNP)
- 1006 ASID keys
- Transparent Secure Memory Encryption (TSME)

# 1.2 3rd Gen (7xx3)

- Secure Encrypted Virtualization (SEV)
- Secure Encrypted Virtualization-Encrypted State (SEV-ES)
- Secure Nested Paging (SEV-SNP)
- Either:
  - 509 ASID keys (in systems equipped with up to 8TB DRAM)
  - 253 ASID keys (in systems equipped with up to 16TB DRAM)
- TSME


# 1.3 2nd Gen (7xx2)

- Secure Encrypted Virtualization (SEV)
- Secure Encrypted Virtualization-Encrypted State (SEV-ES)
- Either:
  - 509 ASID keys (in systems equipped with up to 8TB DRAM)
  - 253 ASID keys (in systems equipped with up to 16TB DRAM)
- TSME

# 1.4 1st Gen (7xx1)

- Secure Encrypted Virtualization (SEV)
- Secure Encrypted Virtualization-Encrypted State (SEV-ES)
- 15 ASID keys
- TSME


# 2 Enabling/Disabling SMEE

This chapter describes how to enable the AMD Secure Memory Encryption (SMEE) feature. SMEE must be enabled in order to use all SEV features. All of the instructions shown in this chapter are based on AMD Custom Reference Boards (CRBs). The exact steps and images may vary by OEM and BIOS version.

# 2.1 Enabling SMEE in BIOS

This section describes how to enable SMEE on AMD EPYC processors.

### 2.1.1 AMD EPYC 9004 Series Processors

SMEE is disabled by default on systems powered by AMD EPYC 9004 Series Processors because of incompatibility with certain Linux kernels. To enable SMEE:

1. Access your system BIOS.

   Figure 2-1: System BIOS (AMD EPYC 9004 Series Processors)

2. Select the **Advanced** tab.

   Figure 2-2: BIOS Advanced tab (AMD EPYC 9004 Series Processors)

3. Select **AMD CBS**.

   Figure 2-3: AMD CBS tab (AMD EPYC 9004 Series Processors)

4. Select **CPU Common Options**.

   Figure 2-4: CPU Common Options tab (AMD EPYC 9004 Series Processors)

5. Scroll down this tab, then select **SMEE**, and then set it to **Enable**.

   Figure 2-5: SMEE enabled (AMD EPYC 9004 Series Processors)

### 2.1.2 AMD EPYC 7003 Series Processors

SMEE is disabled by default on systems powered by AMD EPYC 7003 Series Processors because of incompatibility with certain Linux kernels. To enable SMEE:

1. Access your system BIOS.

   Figure 2-6: System BIOS (AMD EPYC 7003 Series Processors)

2. Select the **Advanced** tab.

   Figure 2-7: BIOS Advanced tab (AMD EPYC 7003 Series Processors)

3. Select **AMD CBS**.

   Figure 2-8: AMD CBS tab (AMD EPYC 7003 Series Processors)

4. Select **CPU Common Options**.

   Figure 2-9: CPU Common Options tab (AMD EPYC 7003 Series Processors)

5. Scroll down this tab, then select **SMEE**, and then set it to **Enable**.

   Figure 2-10: SMEE enabled (AMD EPYC 7003 Series Processors)

### 2.1.3 AMD EPYC 7002 and 7001 Series Processors

SMEE is **Enabled** by default on systems powered by AMD EPYC 7002 or 7001 Series Processors.

# 2.2 Enabling SMEE via MSR

To enable SMEE via the processor MSR:

- x86 software can set the SMEE bit (bit 23) in the SYS\_CFG MSR before OS boot: MSRC001\_0010 [System Configuration] (Core::X86::Msr::SYS\_CFG).
- EDK2-based BIOS (non-CBS users) should specifically toggle this bit to enable/disable SEV if a reciprocal PCD method is not available for that processor family.

Note: This bit must be set on every CPU in the system.

Note: The bit is Write-1-Only: it cannot be cleared once set, and it is set to 0 on system reset.

Note: AMD EPYC 7001 and 7002 Series Processors have SMEE enabled automatically. If SMEE is disabled in BIOS, then you can use the MSR to re-enable SMEE in the system.

# 2.3 Disabling SMEE in BIOS

This section describes disabling SMEE on AMD EPYC processors.

### 2.3.1 AMD EPYC 9004 Series Processors

To disable SMEE on a system with an AMD EPYC 9004 Series Processor:

1. Access your system BIOS.
2. Select the **Advanced** tab.
3. Select **AMD CBS**.
4. Select **CPU Common Options**.
5. Scroll down this tab, then select **SMEE**, and then set it to either **Auto** or **Disabled**.

### 2.3.2 AMD EPYC 7003 Series Processors

To disable SMEE on a system with an AMD EPYC 7003 Series Processor:

1. Access your system BIOS.
2. Select the **Advanced** tab.
3. Select **AMD CBS**.
4. Select **CPU Common Options**.
5. Scroll down this tab, then select **SMEE**, and then set it to either **Auto** or **Disabled**.

### 2.3.3 AMD EPYC 7002 and 7001 Series Processors

You cannot disable SMEE on a system with an AMD EPYC 7002 or 7001 Series Processor.


# 2.4 Disabling SMEE via MSR

SMEE cannot be disabled in the MSR; the bit is Write-1-Only. You must either reset the system or disable SMEE in BIOS.

Note: Disabling SEV will allow the use of more than 16TB of system physical address space (DRAM + PCIe + MMIO, etc.) because x bits of physical address space will not be used for ASIDs/c-bit.

- AMD EPYC 9004 Series Processors: 52-bit addressing with no c-bit, SMEE/SEV off.
  - 46-bit address with SEV (1006 keys).
- AMD EPYC 7003 Series Processors: 48-bit addressing with no c-bit, SMEE/SEV off.
  - 43-bit address with SEV in 509-key mode, 44-bit in 253 key mode.
- AMD EPYC 7002 Series Processors: 48-bit addressing with no c-bit, SMEE/SEV off.
  - 43-bit address with SEV in 509-key mode, 44-bit in 253 key mode.
- AMD EPYC 7001 Series Processors: 48-bit addressing with c-bit, SMEE/SEV off.
  - 43-bit address with SME/SEV (16 keys).



# 2.5 Enabling TSME on All Processors

Transparent Secure Memory Encryption (TSME, also known as Secure Memory Encryption) uses a single key to encrypt system memory. The AMD Secure Processor generates this key at boot. TSME requires enablement in the system BIOS and offers transparent memory encryption that can run with any operating system. TSME is separate from SEV, and you need not run SEV in order to benefit from TSME. TSME is disabled by default.

### 2.5.1 Enabling TSME on All Processors

To enable TSME on an AMD CRB:

1. Access the system BIOS.
2. Select **Advanced**.
3. Select **AMD CBS**.
4. Select **UMC Common Options**.
5. Select **DDR Security**.
6. Set **TSME** to **Enabled**.

### 2.5.2 Disabling TSME on All Processors

To disable TSME on an AMD CRB:

1. Access the system BIOS.
2. Select **Advanced > AMD CBS > UMC Common Options > DDR Security**.
3. Set **TSME** to either **Disabled** or **Auto**.

# 3 Configuring SEV

This chapter describes how to configure the Secure Encrypted Virtualization (SEV) feature.

### 3.1 AMD EPYC 9004 Series Processors

1. In BIOS, select **Advanced > AMD CBS > CPU Common Options**, and then set the **SEV Control** parameter to **Enable**.



Figure 3-1: Setting SEV-ES Control to Enabled (AMD EPYC 9004 Series Processors)

2. Select **Advanced > AMD CBS > CPU Common Options**, and then change the **SEV-ES ASID Count** from **Auto (1006)** to 1006 or below to change the maximum number of ASIDs and the maximum amount of addressable DRAM. Set **SEV-ES ASID Space Limit** to the desired value based on the types of VMs you will be running. ASIDs less than 'x' are for SEV-ES, and ASIDs greater than or equal to 'x' are for SEV. For example, if 5 is input in the field, then there will be 4 available SEV-ES ASIDs and the rest will be SEV only. If the field is set to 1, then SEV-ES will be disabled because there are no available ASIDs for SEV-ES. See the **minSEVSASID** question in <u>"Frequently Asked Questions" on page 37</u> for more detailed information.



Figure 3-2: Configuring SEV-ES ASID Space Limit (AMD EPYC 9004 Series Processors)

### 3.2 AMD EPYC 7003 and 7002 Series Processors

To configure SEV on a system powered by an AMD EPYC 7003 or 7002 Series Processor:

1. In BIOS, select **Advanced > AMD CBS > CPU Common Options**, and then set the **SEV-ES ASID Space Limit Control** parameter to **Manual**.



Figure 3-3: Setting SEV-ES Space Limit Control to Manual (AMD EPYC 7003 and 7002 Series Processors)

2. Select Advanced > AMD CBS > CPU Common Options, and then change the SEV-ES ASID Count from Auto (509/253) to 509/253 or less to change the maximum number of ASIDs and the maximum amount of addressable DRAM. Set SEV-ES ASID Space Limit to the desired value based on the types of VMs you will be running. ASIDs less than 'x' are for SEV-ES, and ASIDs greater than or equal to 'x' are for SEV. For example, if 5 is input in the field, then there will be 4 available SEV-ES ASIDs and the rest will be SEV only. If the field is set to 1, then SEV-ES will be disabled because there are no available ASIDs for SEV-ES. See the minSEVSASID question in "Frequently Asked Questions" on page 37 for more detailed information.

Note: If the system detects 8TB or more of DRAM, then BIOS will automatically switch this to 253 ASIDs.



Figure 3-4: Configuring SEV-ES ASID Space Limit (AMD EPYC 7003 and 7002 Series Processors)

### 3.3 AMD EPYC 7001 Series Processors

1. In BIOS, select **Advanced > AMD CBS > CPU Common Options**, and then set the **SEV-ES ASID Space Limit Control** parameter to **Manual**.



Figure 3-5: Setting SEV-ES Space Limit Control to Manual

2. Set **SEV-ES ASID Space Limit (16)** to the desired value based on the types of VMs you will be running. ASIDs less than 'x' are for SEV-ES and ASIDs greater than or equal to 'x' are for SEV. See the **minSEVSASID** question in <u>"Frequently Asked Questions" on page 37</u> for more detailed information. AMD recommends leaving this setting at either **Auto** or **1**.



Figure 3-6: Configuring SEV-ES ASID Space Limit

# 4 Enabling/Disabling SNP

This chapter describes how to enable and disable the AMD Secure Nested Paging (SNP) feature. This only applies to AMD EPYC 7003 Series Processors and above.

# 4.1 Enabling SNP

To enable SNP:

1. Enable and configure SEV and SEV-ES, as described in "Configuring SEV" on page 15.

   Note: SNP only works on ASIDs that are SEV-ES capable (below MinSEVASID).

2. In the system BIOS, select **Advanced > AMD CBS > CPU Common Options**.
3. Change **SNP Memory (RMP Table) Coverage** from **Auto** (which means **Disabled**) to **Enabled**. This will reserve memory for SNP and create the RMP that covers all of memory. If needed, you can select **Custom** to set the RMP to not cover all of memory.

Note: This is only required for Linux hosts. Microsoft hosts do not require this when using SEV-SNP under Hyper-V.



Figure 4-1: Changing SNP Memory (RMP Table) Coverage

You can also do this using MSRs. Before enabling SNP, first zero the RMP memory, and then write the address of the memory into the MSRs.

- MSRC001\_0132 [RMP Base] (Core::X86::Msr::LS\_RMP\_BASE)
- MSRC001\_0133 [RMP End] (Core::X86::Msr::LS\_RMP\_END)
- Enable SNP by setting the following MSR bit to 1: MSRC001\_0010 [System Configuration] (Core::X86::Msr::SYS\_CFG) bit 25 VmplEn set to 1

Please see Sections 15.26.4 and 15.36.1 in Volume 2 of the AMD <u>Architecture Programmer's Manual</u> for more information on RMP programming.

Next, configure the IOMMU to disable the vIOMMU:

1. In BIOS, select **Advanced > AMD CBS > NBIO Common Options**.

   Figure 4-2: NBIO Common Options

2. Set **SEV-SNP Support** to **Enabled** (default is **Disabled**).



Figure 4-3: Enabling SEV-SNP support

# 4.2 Disabling SNP

Do not enable the SecureNestedPagingEn MSR bit, MSRC001\_0010 [System Configuration] (Core::X86::Msr::SYS\_CFG) bit 24, via x86.

Note: The system BIOS will never enable SecureNestedPagingEn. It always must be enabled by x86.

AMD recommends leaving **SNP Memory (RMP Table) Coverage** set to **Auto**/**Disabled** in the BIOS, but there is no harm in leaving it **Enabled** if the hypervisor eventually wants to enable SNP. Leaving SNP memory coverage enabled will only remove some usable memory from the system.

The RMPBase and RMPEnd settings do not matter because RMP protection is not in effect while the SYS\_CFG MSR bit for SecureNestedPagingEn (bit 24) is disabled.


# 5 OS Requirements

For SEV or SEV-ES, verify that your OS supports SEV as a hypervisor and/or SEV as a guest, as shown in the following tables.

Note: TSME is OS-independent and only needs enablement in the BIOS.

### **5.1 SEV**

The following kernels/OS support SEV:

| OS/KERNEL    | HOST | GUEST |
|--------------|------|-------|
| Linux 4.15   |      | ✓     |
| Linux 4.16   |      | ✓     |
| RHEL 7.6     |      | ✓     |
| RHEL 8       |      | ✓     |
| Fedora 28    |      | ✓     |
| SLES 15      |      | ✓     |
| Ubuntu 18.04 |      | ✓     |
| Ubuntu 18.10 | ✓    | ✓     |
| Oracle UEK 5 |      | ✓     |

Table 5-1: SEV support

### 5.2 SEV-ES

The following kernels/OS support SEV-ES:

| OS/KERNEL  | HOST | GUEST |
|------------|------|-------|
| Linux 5.10 |      | ✓     |
| Linux 5.11 | ✓    | ✓     |

Table 5-2: SEV-ES support

### 5.3 SEV-SNP

The following kernels/OS support SEV-SNP:

| OS/KERNEL  | HOST           | GUEST |
|------------|----------------|-------|
| Linux 5.19 | in development |       |

Table 5-3: SEV-SNP support

The SNP firmware requires IOMMU security protection, and a special OS kernel is required that knows how to configure the IOMMU. IOMMU must be enabled in BIOS. You can then use development kernels until the SNP patches have been merged into the main Linux kernel. See <a href="https://github.com/AMDESE/AMDSEV/blob/snp-latest/stable-commits">https://github.com/AMDESE/AMDSEV/blob/snp-latest/stable-commits</a>\*.

# 6 OS Enablement

# 6.1 Checking SEV Enablement

Execute the following command to find all SEV-related kernel messages:

```
$ sudo dmesg | grep SEV
```

- SEV: You should see either:
  - [CCP VALUE] SEV supported
  - [CCP VALUE] SEV supported: 'xxx' ASIDs

Note: Both are valid, depending on the kernel version.

- SEV-ES: You should see:
  - [CCP VALUE] SEV-ES supported: 'xxx' ASIDs

For example, when both SEV and SEV-ES are enabled:

```
root@ :~# dmesg | grep SEV
[ 14.886391] ccp 0000:47:00.1: SEV firmware update successful
[ 15.140921] ccp 0000:47:00.1: SEV API:1.51 build: 3
[ 15.229519] SEV supported: 'xxx' ASIDs
[ 15.229520] SEV-ES supported: 'xxx' ASIDs
```

In the above example:

- The number before ASIDs is the number of available ASIDs for the given SEV feature. SEV-ES ASIDs are meant for both SEV-ES and SEV-SNP.
- If either message does not appear, then verify that SEV and SEV-ES have been correctly enabled in the system, as described in the previous chapters. If so, then you must enable SEV and SEV-ES in the kernel, as described in the following section.

# 6.2 Enabling SEV

If SEV still does not appear in the kernel message after enabling it in BIOS, then you might need to enable it at the kernel level. To enable SEV in the kernel:

1. Append the following to the kernel command line options: `kvm_amd.sev=1 kvm_amd.sev_es=1`
2. Update grub in the OS.
3. Reboot the machine. SEV should now be enabled in the host OS.
4. In any guest, check for enablement by executing the same command shown in <u>"Checking SEV Enablement" on page 25</u>:

```
root@localhost:~# dmesg|grep SEV
[ 0.145741] Memory Encryption Features active: AMD SEV SEV-ES
```

### 6.2.1 Additional Resources

Please see the following resources for additional information:

- Kernel.org: <a href="https://www.kernel.org/doc/html/v5.7/virt/kvm/amd-memory-encryption.html">https://www.kernel.org/doc/html/v5.7/virt/kvm/amd-memory-encryption.html</a>
- RHEL: <a href="https://access.redhat.com/articles/4491591">https://access.redhat.com/articles/4491591</a>
- Oracle: https://blogs.oracle.com/linux/post/using-amd-secure-memory-encryption-with-oracle-linux
- SUSE: <a href="https://documentation.suse.com/sles/15-SP1/html/SLES-amd-sev/index.html">https://documentation.suse.com/sles/15-SP1/html/SLES-amd-sev/index.html</a>

# 6.3 Enabling SEV-SNP

DISCLAIMER: As of February 2023, SNP is still not supported upstream. You can follow these steps to build a demo kernel and get a look at an early version of SNP.

To enable SEV-SNP at the host level:

1. Follow the procedure described in "Enabling SEV" on page 25 to enable SEV.
2. Verify that the current firmware installed is the newest available (1.54 at the time of publication) for an SNP-compatible AMD EPYC 7003 or 9004 Series Processor. If needed, update the firmware as described in <u>"Updating SEV Firmware" on page 27</u>.
3. Follow the steps listed in <a href="https://github.com/AMDESE/AMDSEV/blob/snp-latest/stable-commits">https://github.com/AMDESE/AMDSEV/blob/snp-latest/stable-commits</a>\* to build and install the newest SNP kernel.
4. Execute the command described in <u>"Checking SEV Enablement" on page 25</u> to verify that SEV-SNP is enabled. For example:

```
[ 0.720169] SEV-SNP: RMP table physical address 0x000000003a00000 - 0x00000000568fffff
[ 6.560584] ccp 0000:47.00.1: SEV firmware update successful
[ 8.151665] ccp 0000:47.00.1: SEV API:1.51 build:3
[ 8.151674] ccp 0000:47.00.1:
[ 8.161364] SEV supported: 410 ASIDs
[ 8.161364] SEV-ES and SEV-SNP supported: 99 ASIDs
```

# 7 Updating SEV Firmware

You should always use the latest SEV firmware supported by your BIOS to have the latest features and security protection. To update SEV firmware:

1. Update your system BIOS.
2. Execute the SEV DownloadFirmware (DLFW) command. See "DownloadFirmware" on page 27.
3. Execute the SNP DownloadFirmwareEX (DLFW\_EX) command. See "DownloadFirmwareEX" on page 29.

The DownloadFirmware and DownloadFirmwareEX commands replace the local copy of SEV in DRAM with the new image. Calling the next SEV command loads that new copy into SRAM and runs it. The BIOS copy remains in SpiRom; rebooting the system will run the older BIOS image until you execute these commands again to update to the latest version.

### 7.1 DownloadFirmware

The DownloadFirmware command allows system administrators to update the version of SEV running on the platform without having to reboot the platform or update the BIOS, provided that:

- All SEV/SNP guests are shut down.
- The SEV/SNP platform state is UNINIT.

The Linux CCP driver will automatically check for a new SEV image when initialized. If it finds a new image, then it will execute the <code>DownloadFirmware</code> command.

1. Download the latest firmware version from <a href="https://developer.amd.com/sev/">https://developer.amd.com/sev/</a>.
2. Check the /lib/firmware/amd/ directory to determine the system firmware format (.sbin or .esbin).
3. Copy the appropriate firmware file (.sbin or .esbin) to /lib/firmware/amd/, and then name the file amd\_sev\_fam[ family ]h\_model[ model ]h.sbin or amd\_sev\_fam[ family ]h\_model[ model ]h.esbin (see Figure 7-1). If needed, you may create an /amd folder, as shown in Figure 7-2, then paste the .sbin/.esbin into this folder (see Figure 7-3), and then rename the firmware file as shown in Figure 7-4.



Figure 7-1: Firmware download example



Figure 7-2: lib\_firmware folder, with the /amd subfolder created.



Figure 7-3: Pasted .sbin before renaming



Figure 7-4: Pasted .sbin after renaming

You can find the latest SEV firmware images at <a href="https://developer.amd.com/sev/">https://developer.amd.com/sev/</a>. See Figure 7-5.



Figure 7-5: SEV firmware download links

AMD EPYC 7002 Series Processors and newer always support SEV. AMD EPYC 7001 Series Processors require SEV firmware version 0.16 or above to run SEV. Please see the <u>SEV Specification</u> for additional information.

### 7.2 DownloadFirmwareEX

The DownloadFirmwareEX command only applies to 3rd Gen AMD EPYC processors and later. This command allows system administrators to update the version of SEV running on the platform without having to reboot the platform or update the BIOS. SNP guests may remain running during the update, but all SEV guests must be shut down. The exception is that you may be required to shut down the guests or uninitialize the SNP platform in certain cases, such as if a security bug was found in a previous version and the running guests cannot be upgraded securely.

The minimum version requirements for this command are:

- **PSP Bootloader:** 00.13.00.60 (Milan PI 1004 BIOS).
- **SEV uapp version:** 1.2B.2B (around Milan PI 1007 BIOS).

If you are running a SEV version that does not support DLFW\_EX, then you will have to first shut down your guests and then call the regular DLFW command (see "DownloadFirmware" on page 27) to upgrade to the SEV version that supports DownloadFirmwareEX and then use DownloadFirmwareEX going forward.

Please see the <u>SEV Specification</u> for additional information.


# 8 Launching an Encrypted VM

# 8.1 Launching a VM with SEV Encryption

To launch a VM with SEV encryption, enable SEV in the system as described in <u>"Enabling SEV" on page 25</u>, and then verify that you have the following minimum versions:

| PROJECT | VERSION                                        |
|---------|------------------------------------------------|
| Libvirt | 4.5                                            |
| QEMU    | 2.12                                           |
| OVMF    | Commit newer than<br>(75b7aa9528bd 2018-07-06) |

Table 8-1: Minimum project versions to support SEV-encrypted VMs

### 8.1.1 Launching with QEMU

In the desired launch directory:

1. Create a new qcow2 image:

```
$ qemu-img create -f qcow2 encryptedImage.qcow2 30G
```

2. Copy the OVMF\_VARS.fd file:

```
$ cp /usr/share/OVMF/OVMF_VARS.fd OVMF_VARS.fd
```

3. Launch your VM using your desired ISO image and the following commands as a minimum:

```
$ qemu-system-x86_64 \
-enable-kvm \
-cpu EPYC \
-machine q35 \
-no-reboot \
-vga std \
-vnc :0 \
-drive file=distro.iso,media=cdrom -boot d \
-drive if=pflash,format=raw,unit=0,file=/usr/share/OVMF/OVMF_CODE.fd,readonly=on \
-drive if=pflash,format=raw,unit=1,file=OVMF_VARS.fd \
-drive file=encryptedImage.qcow2,if=none,id=disk0,format=qcow2 \
-device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=on \
-device scsi-hd,drive=disk0 \
-machine memory-encryption=sev0,vmport=off \
-object sev-guest,id=sev0,policy=0x3,cbitpos=47,reduced-phys-bits=1
```

In the preceding example, the <code>cbitpos</code> parameter in the line <code>-object sev-guest,id=sev0,policy=0x3,cbitpos=47,reduced-phys-bits=1</code> changes depending on the processor generation. AMD EPYC 7002 and 7001 Series Processors have a c-bit value of 47, and AMD EPYC 7003 Series Processors and newer have a c-bit value of 51.

If you are not sure what the appropriate cbit is, then you may check the EBX register on the <code>0x8000001f</code> CPUID function by executing the CPUID command:

```
$ cpuid -r -1 -l 0x8000001f
CPU:
   0x8000001f 0x00: eax=0x0101fd3f ebx=0x00004173 ecx=0x000001fd edx=0x00000064
```

In this example:

- Bits 0-5 of EBX make up the appropriate cbit value.
- EBX is a hex number; you may need a conversion to find this value.

Note: You may need to edit these commands to suit your particular needs and use cases. For example, different distros may have different QEMU launch commands. Please see the guides listed in "Additional Resources" on page 26 for more information.

4. Launch the VM, and then install the distro. You can now launch the VM using the qcow2 image without using the ISO.
5. On the guest, execute the `dmesg | grep SEV` command to verify that SEV is enabled:

```
root@localhost:~# dmesg | grep SEV
[ 0.150352] Memory Encryption Features active: AMD SEV
```
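As an added example that is not part of the AMD guide, the following Python script parses the raw register line printed by `cpuid -r` (the constructed sample reuses the values shown above), decodes the SEV leaf, and emits the `-object sev-guest` argument with the C-bit taken from the hardware rather than looked up by generation. The field positions follow the AMD64 Architecture Programmer's Manual for Fn8000_001F; the function names are this example's own assumptions.

```python
"""Decode CPUID Fn8000_001F (the SEV leaf) from `cpuid -r` output.

Added example, not code from the AMD guide. Field positions follow the
AMD64 Architecture Programmer's Manual: EAX feature bits, EBX[5:0] C-bit
position, EBX[11:6] physical address reduction, EBX[15:12] VMPL count,
ECX number of encrypted guests (ASIDs), EDX minimum ASID for a SEV
(non-ES) guest, which is the 'x' boundary described in Chapter 3.
"""
import re

# Constructed sample: the register line quoted in the guide for a system
# that reports a C-bit of 51 and 509 ASIDs (3rd Gen EPYC, 509-key mode).
SAMPLE_CPUID_LINE = (
    "   0x8000001f 0x00: eax=0x0101fd3f ebx=0x00004173 "
    "ecx=0x000001fd edx=0x00000064"
)

_REG_RE = re.compile(r"\b(eax|ebx|ecx|edx)=0x([0-9a-fA-F]+)")


def parse_cpuid_line(line):
    """Return {'eax': int, 'ebx': int, 'ecx': int, 'edx': int} for one
    raw register line as printed by `cpuid -r`."""
    regs = {m.group(1): int(m.group(2), 16) for m in _REG_RE.finditer(line)}
    if set(regs) != {"eax", "ebx", "ecx", "edx"}:
        raise ValueError("not a raw cpuid register line: %r" % line)
    return regs


def decode_sev_leaf(eax, ebx, ecx, edx):
    """Decode the fields needed to size ASIDs and launch an SEV guest."""
    min_sev_asid = edx            # first ASID usable by a plain SEV guest
    total_asids = ecx
    # ASIDs 1 .. min_sev_asid-1 are SEV-ES (and SEV-SNP); the rest are SEV
    # only. A boundary of 1 (or 0) means there are no SEV-ES ASIDs at all.
    sev_es_asids = max(min_sev_asid - 1, 0)
    sev_only_asids = max(total_asids - max(min_sev_asid, 1) + 1, 0)
    return {
        "sme": bool(eax & 1),
        "sev": bool(eax >> 1 & 1),
        "sev_es": bool(eax >> 3 & 1),
        "sev_snp": bool(eax >> 4 & 1),
        "cbitpos": ebx & 0x3F,
        "phys_addr_reduction": ebx >> 6 & 0x3F,
        "num_vmpl": ebx >> 12 & 0xF,
        "num_encrypted_guests": total_asids,
        "min_sev_no_es_asid": min_sev_asid,
        "sev_es_asids": sev_es_asids,
        "sev_only_asids": sev_only_asids,
    }


def generation_hint(cbitpos):
    """Map the C-bit position to the processor generations the guide lists."""
    if cbitpos == 47:
        return "AMD EPYC 7001/7002 Series"
    if cbitpos == 51:
        return "AMD EPYC 7003 Series or newer"
    return "unknown generation (C-bit %d)" % cbitpos


def qemu_sev_guest_object(info, policy=0x3, reduced_phys_bits=1, obj_id="sev0"):
    """Build the QEMU -object argument; cbitpos comes from CPUID, policy and
    reduced-phys-bits default to the values used in the guide's command."""
    if not info["sev"]:
        raise RuntimeError("CPUID reports no SEV support; check SMEE/SEV in BIOS")
    if policy & 0x4 and info["sev_es_asids"] == 0:
        raise RuntimeError("policy bit 2 (ES) set but no SEV-ES ASIDs are available")
    return "-object sev-guest,id=%s,policy=%#x,cbitpos=%d,reduced-phys-bits=%d" % (
        obj_id, policy, info["cbitpos"], reduced_phys_bits)


if __name__ == "__main__":
    sev = decode_sev_leaf(**parse_cpuid_line(SAMPLE_CPUID_LINE))
    for key, value in sev.items():
        print("%-22s %s" % (key, value))
    print(generation_hint(sev["cbitpos"]))
    print(qemu_sev_guest_object(sev))
    print(qemu_sev_guest_object(sev, policy=0x5))  # SEV-ES guest
```

On the sample line the decoded ASID split (99 SEV-ES, 410 SEV-only) matches the `SEV supported: 410 ASIDs` / `SEV-ES and SEV-SNP supported: 99 ASIDs` messages shown in Chapter 6, so the same script can be used to cross-check dmesg against the BIOS ASID limit.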

### 8.1.2 Launching with Libvirt

Please see <a href="https://libvirt.org/kbase/launch\_security\_sev.html">https://libvirt.org/kbase/launch\_security\_sev.html</a> for instructions on launching encrypted VMs with Libvirt.

# 8.2 Launching a VM with SEV-ES Encryption

To launch a VM with SEV-ES encryption, enable SEV in the system as described in <u>"Enabling SEV" on page 25</u>, and then verify that you have the following minimum versions:

| PROJECT | VERSION                                       |
|---------|-----------------------------------------------|
| Libvirt | 4.5                                           |
| QEMU    | 6.0                                           |
| OVMF    | Commit newer than<br>(EDK2-STABLE 2020-21-02) |

Table 8-2: Minimum project versions to support SEV-encrypted VMs

If needed, install the correct versions.

Execute the launch command, which is very similar to the command used for "Launching a VM with SEV Encryption" on page 31, except for the line `-object sev-guest,id=sev0,policy=0x3,cbitpos=47,reduced-phys-bits=1`, where the policy value should be changed to reflect SEV-ES enablement, as shown in the following table:

| OFFSET | BIT(S) | NAME      | DESCRIPTION                                                                               |
|--------|--------|-----------|-------------------------------------------------------------------------------------------|
| 000h   | 0      | NODBG     | Debugging of the guest is disallowed when set.                                            |
| 000h   | 1      | NOKS      | Sharing keys with other guests is disallowed when set.                                    |
| 000h   | 2      | ES        | SEV-ES is required when set.                                                              |
| 000h   | 3      | NOSEND    | Sending the guest to another platform is disallowed when set.                             |
| 000h   | 4      | DOMAIN    | The guest must not be transmitted to another platform that is not in the domain when set. |
| 000h   | 5      | SEV       | The guest must not be transmitted to another platform that is not SEV-capable when set.   |
| 000h   | 15:6   |           | Reserved; should be 0.                                                                    |
| 002h   | 7:0    | API_MAJOR | The guest must not be transmitted to another platform with a lower firmware version.      |
| 003h   | 7:0    | API_MINOR | The guest must not be transmitted to another platform with a lower firmware version.      |

Table 8-3: SEV policy bits

As shown in the previous table:

- Policy bit 2 (ES) must be set to launch SEV-ES. The policy is passed as a hexadecimal number.
- A valid SEV-ES configuration would look like this:
  <code>-object sev-guest,id=sev0,policy=0x5,cbitpos=47,reduced-phys-bits=1</code>
- Everything else is the same as SEV.
- On the guest, execute the command <code>dmesg | grep SEV</code> to confirm SEV-ES enablement.
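The following Python helper is an added illustration of Table 8-3 and is not part of this guide's or AMD's tooling. It encodes and decodes the SEV guest policy word (flag bits 0-5, API_MAJOR at byte offset 002h, API_MINOR at 003h), rejects values with reserved bits set, reports whether a policy demands SEV-ES, and renders the QEMU `-object sev-guest` argument used in the launch commands above. The policy values 0x3 and 0x5 are the ones shown in this chapter; the `cbitpos`/`reduced-phys-bits` defaults match the 1st/2nd Gen example command.

```python
"""Encode/decode the SEV guest policy word from Table 8-3 and build the
QEMU -object argument. Added example; not part of the AMD guide."""

# Bit positions of the policy flags at byte offset 000h (Table 8-3).
POLICY_FLAGS = {
    "NODBG": 0,   # debugging of the guest is disallowed
    "NOKS": 1,    # sharing keys with other guests is disallowed
    "ES": 2,      # SEV-ES is required
    "NOSEND": 3,  # sending the guest to another platform is disallowed
    "DOMAIN": 4,  # must not be sent to a platform outside the domain
    "SEV": 5,     # must not be sent to a non-SEV-capable platform
}
# API_MAJOR is byte offset 002h and API_MINOR byte offset 003h of the
# policy, i.e. bits 23:16 and 31:24 of the 32-bit value.
API_MAJOR_SHIFT = 16
API_MINOR_SHIFT = 24
RESERVED_MASK = 0xFFC0  # bits 15:6 are reserved and must be 0


def encode_policy(flags, api_major=0, api_minor=0):
    """Build the policy value from flag names plus the minimum firmware API version."""
    value = 0
    for name in flags:
        value |= 1 << POLICY_FLAGS[name]
    value |= (api_major & 0xFF) << API_MAJOR_SHIFT
    value |= (api_minor & 0xFF) << API_MINOR_SHIFT
    return value


def decode_policy(value):
    """Return (set of flag names, api_major, api_minor) for a policy value.

    Raises ValueError when a reserved bit (15:6) is set, since such a policy
    should be rejected rather than silently accepted.
    """
    if value & RESERVED_MASK:
        raise ValueError(f"reserved policy bits set: {value:#x}")
    flags = {name for name, bit in POLICY_FLAGS.items() if value & (1 << bit)}
    api_major = (value >> API_MAJOR_SHIFT) & 0xFF
    api_minor = (value >> API_MINOR_SHIFT) & 0xFF
    return flags, api_major, api_minor


def requires_es(value):
    """True when policy bit 2 (ES) is set, i.e. the guest must run under SEV-ES."""
    return bool(value & (1 << POLICY_FLAGS["ES"]))


def sev_guest_object(value, cbitpos=47, reduced_phys_bits=1, obj_id="sev0"):
    """Render the QEMU -object argument for a given policy value."""
    return (f"-object sev-guest,id={obj_id},policy={value:#x},"
            f"cbitpos={cbitpos},reduced-phys-bits={reduced_phys_bits}")


if __name__ == "__main__":
    # 0x3 is the plain-SEV policy from the earlier launch command, 0x5 the
    # SEV-ES policy shown in this section.
    for pol in (0x3, 0x5):
        flags, major, minor = decode_policy(pol)
        print(f"{pol:#x}: {sorted(flags)} api={major}.{minor} SEV-ES required={requires_es(pol)}")
        print("  ", sev_guest_object(pol))
```

Use `encode_policy(["NODBG", "ES"])` to obtain the 0x5 value rather than hand-computing it, and keep `decode_policy` in any launch wrapper so a typo that lands in the reserved bits is caught before QEMU is invoked.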

# 8.3 Launching a VM with SEV-SNP Encryption

As of publication, SEV-SNP does not yet have upstream QEMU or OVMF patches. The guest kernel is currently the only item with upstream support. See <u>"OS Enablement" on page 25</u> for version information. You can build SNP-compatible OVMF and QEMU at <a href="https://github.com/AMDESE/AMDSEV/blob/snp-latest/stable-commits">https://github.com/AMDESE/AMDSEV/blob/snp-latest/stable-commits</a>\*.

Build the correct OVMF and QEMU, and then launch an SNP guest by executing a command similar to that used for regular SEV:

```
# OVMF_VARS.fd: make sure you copy this file from the OVMF build.
$ PATH-TO-SNP-QEMU/qemu-system-x86_64 \
-enable-kvm \
-cpu EPYC \
-machine q35 \
-no-reboot \
-vga std \
-vnc :0 \
-drive if=pflash,format=raw,unit=0,file=PATH-TO-SNP-OVMF/OVMF_CODE.fd,readonly=on \
-drive if=pflash,format=raw,unit=1,file=OVMF_VARS.fd \
-drive file=SNPGUEST.qcow2,if=none,id=disk0,format=qcow2 \
-device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=on \
-device scsi-hd,drive=disk0 \
-machine memory-encryption=sev0,vmport=off \
-object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1
```

This command should allow you to launch an SNP-enabled VM if your guest has the correct kernel. You can execute the command <code>dmesg | grep SEV</code> on the guest to confirm that SNP is launched:

```
root@localhost:~# dmesg | grep SEV
[ 0.150352] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP
```

Note: LibVirt currently does not support SNP.



# 9 Confidential Containers

SEV is now supported on confidential containers via an open-source project that allows you to launch SEV-encrypted Kata Containers. Please visit <a href="https://github.com/confidential-containers/documentation/blob/main/quickstart.md">https://github.com/confidential-containers/documentation/blob/main/quickstart.md</a> for information and instructions on how to set up confidential containers.

# 10 Frequently Asked Questions

#### What is MinSEVASID?

MinSEVAsid is the minimum ASID that lets you run SEV guests; everything below it is reserved for SEV-ES and SEV-SNP guests. For example, if MinSEVAsid is set to 8, then ASIDs 1-7 can only be assigned to SEV-ES or SEV-SNP guests, and ASIDs 8-(max) can only be used for SEV guests.

### How do I map more than 8TB/16TB of physical address space?

To map to more than 8TB of physical address space (DRAM + PCIe + MMIO, etc), change **SEV ASID Count** to 253 in the BIOS. AMD EPYC 7003 and 7002 AGESA will automatically change this setting to 253 if more than 8TB of physical address space is detected during boot. You must disable SME (which also disables SEV) to map to more than 16TB of physical address space. See "Disabling SMEE in BIOS" on page 9.

### How many bits are being used by ASIDs and where is the C-bit on my generation of platform?

See "Disabling SMEE via MSR" on page 10 to find the number of bits being used by ASIDs.

- 1st and 2nd Gen AMD EPYC processors have the c-bit in bit 47.
- 3rd and 4th Gen AMD EPYC processors have the c-bit in bit 51.

If in doubt, check <code>CPUID\_Fn8000001F\_EBX</code> [AMD Secure Encryption EBX] (Core::X86::Cpuid::SecureEncryptionEbx) to find the c-bit position. See <u>"Launching a VM with SEV Encryption" on page 31</u> for additional information.

| 3rd and 2nd Gen AMD EPYC<br>with 256 ASIDs (8 bits)<br>and 16TB DRAM | 3rd and 2nd Gen AMD EPYC<br>with 512 ASIDs (9 bits)<br>and 8TB DRAM |
|----------------------------------------------------------------------|---------------------------------------------------------------------|
| 64:52 reserved                                                       | 64:52 reserved                                                      |
| 51:44 asids/cbit cbit=51                                             | 51:43 asids/cbit cbit=51                                            |
| 43:0 PhysAddr                                                        | 42:0 PhysAddr                                                       |

Table 10-1: ASID bit usage
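The following Python helper is an added example, not code from this guide or from AMD. It decodes the C-bit position and the physical-address-bit reduction from CPUID Fn8000_001F EBX (the field layout, EBX[5:0] for the C-bit and EBX[11:6] for the reduction, is the one documented in the AMD APM), turns them into the `cbitpos`/`reduced-phys-bits` QEMU arguments, and computes the guest physical-address width from the C-bit position and ASID width using the layout of Table 10-1. The EBX sample values are constructed; the optional `/dev/cpu/N/cpuid` reader is a Linux convenience that simply returns `None` when the device is not available.

```python
"""Decode CPUID Fn8000_001F EBX into C-bit position and physical-address
reduction, and relate them to the QEMU arguments and Table 10-1.
Added example; not part of the AMD guide."""
import os
import struct

# Field layout of CPUID Fn8000_001F EBX (AMD APM Vol. 3).
CBIT_MASK = 0x3F         # EBX[5:0]: C-bit position in the guest physical address
REDUCTION_SHIFT = 6
REDUCTION_MASK = 0x3F    # EBX[11:6]: physical address bit reduction when SEV is enabled

# Constructed sample EBX values (not read from real hardware):
SAMPLE_EBX_GEN2 = 47 | (1 << REDUCTION_SHIFT)  # C-bit 47, reduction 1 -> 0x6F
SAMPLE_EBX_GEN3 = 51 | (1 << REDUCTION_SHIFT)  # C-bit 51, reduction 1 -> 0x73


def decode_sev_ebx(ebx):
    """Return (cbit_position, reduced_phys_bits) from Fn8000_001F EBX."""
    cbit = ebx & CBIT_MASK
    reduced = (ebx >> REDUCTION_SHIFT) & REDUCTION_MASK
    return cbit, reduced


def qemu_encryption_args(ebx):
    """Render the cbitpos/reduced-phys-bits part of the QEMU -object argument."""
    cbit, reduced = decode_sev_ebx(ebx)
    return f"cbitpos={cbit},reduced-phys-bits={reduced}"


def generation_hint(cbit):
    """Map the C-bit position to the AMD EPYC generations listed in this FAQ."""
    return {47: "1st/2nd Gen AMD EPYC", 51: "3rd/4th Gen AMD EPYC"}.get(cbit, "unknown")


def phys_addr_bits(cbit, asid_bits):
    """Guest physical address width and DRAM limit (TiB) per Table 10-1:
    the ASID/C-bit field occupies asid_bits just below and including cbit,
    so PhysAddr spans bits (cbit - asid_bits):0."""
    bits = cbit + 1 - asid_bits
    return bits, 2 ** (bits - 40)


def read_sev_ebx(cpu=0):
    """Read Fn8000_001F EBX through the Linux cpuid character device.

    The file offset supplies the CPUID leaf (EAX) and the read returns
    EAX, EBX, ECX, EDX as four little-endian 32-bit words. Returns None when
    the device is missing or unreadable (no cpuid module, no permission).
    """
    try:
        fd = os.open(f"/dev/cpu/{cpu}/cpuid", os.O_RDONLY)
    except OSError:
        return None
    try:
        raw = os.pread(fd, 16, 0x8000001F)
    except OSError:
        return None
    finally:
        os.close(fd)
    if len(raw) != 16:
        return None
    _eax, ebx, _ecx, _edx = struct.unpack("<4I", raw)
    return ebx


if __name__ == "__main__":
    ebx = read_sev_ebx()
    source = "hardware" if ebx is not None else "constructed sample"
    if ebx is None:
        ebx = SAMPLE_EBX_GEN3
    cbit, reduced = decode_sev_ebx(ebx)
    print(f"EBX={ebx:#x} ({source}): C-bit {cbit}, reduction {reduced}, {generation_hint(cbit)}")
    print("QEMU:", qemu_encryption_args(ebx))
    for asid_bits in (8, 9):
        bits, tib = phys_addr_bits(cbit, asid_bits)
        print(f"{asid_bits}-bit ASID field: PhysAddr {bits - 1}:0 -> {tib} TiB")
```

Reading the C-bit from CPUID rather than hard-coding 47 or 51 avoids a launch failure when a guest image or script is moved between 2nd and 3rd/4th Gen hosts.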

#### Where is the SEV documentation?

See <a href="https://developer.amd.com/sev/">https://developer.amd.com/sev/</a>.

### Does the APM vol 2 support SEV and SNP?

Yes. See <a href="https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/programmer-references/24593.pdf">https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/programmer-references/24593.pdf</a>.

#### What is SEV 2?

This is not an official AMD term but may refer to the second implementation of SEV (on 2nd Gen AMD EPYC processors that have 509 ASID keys).

### I have questions about PCDs

Please contact the AMD BIOS support team. The firmware team does not know about PCDs. The BIOS documentation on SEV-related options should be good enough on its own or will need to be updated.

### How big will my RMP be for a given amount of memory?

Each RMP entry is 16 bytes, and 256 RMP entries can fit in a 4K page. So, for 512 GB of DRAM:

- 512\*1024\*1024\*1024 bytes / 4096 = 134,217,728 4K pages
- 134,217,728 4K pages \* 16 Bytes per RMP entry = 2,147,483,648 Bytes for all RMP entries
- 2,147,483,648 Bytes for all RMP entries / (1024\*1024) = 2,048 MB = 2GB (approx.)

### How do I disable SEV?

The easiest way is to disable SMEE in the BIOS (see "Disabling SMEE in BIOS" on page 9). If you want to still use SME but not SEV, then you can blacklist the ccp kernel driver so it doesn't load SEV. The last option is to remove the SEV binary from the BIOS, but that is not recommended.

#### How do I disable SNP?

Don't reserve memory for the RMP in the BIOS, and don't set the SNP\_EN MSR from x86. See <u>"Enabling/Disabling SNP"</u> on page 19 for more information.

### Can we request new security features in later-generation AMD EPYC processors or to SEV?

The SEV spec is generally thought to be final, except for any security issues. Any new features will go into SNP.

#### How do I check if TSME is enabled?

You can check the kernel message to see if TSME is enabled by executing the command <code>dmesg | grep SME</code>, which should return a message similar to <code>AMD Memory Encryption Features active: SME</code>.

Additionally, an SNP guest can send an <code>MSG_REPORT_REQ</code> guest message to the PSP to get the SNP attestation report. Bit 1 (<code>tsme_en</code>) of the <code>PLATFORM_INFO</code> field reports whether TSME is enabled.
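The `dmesg | grep SEV` checks in sections 8.2 and 8.3 and the `dmesg | grep SME` check in this answer all read the kernel's "Memory Encryption Features active" line. The following Python helper is an added example, not code from this guide or from AMD: it parses that line out of a dmesg capture, reports the highest SEV protection level in effect in a guest, checks it against the level the launch command asked for, and decodes the `tsme_en` bit (bit 1) of a `PLATFORM_INFO` value from an SNP attestation report. The dmesg captures and the `PLATFORM_INFO` values are constructed to match the messages quoted in this guide.

```python
"""Parse the kernel's memory-encryption status line and the tsme_en bit of
the SNP report PLATFORM_INFO field. Added example; not part of the AMD guide."""
import re
import subprocess

# Constructed dmesg captures modelled on the lines quoted in sections 8.3 and 10.
SNP_GUEST_DMESG = """\
[    0.000000] Linux version 6.x (constructed sample)
[    0.150352] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP
[    0.200000] Booting paravirtualized kernel on KVM
"""
SME_HOST_DMESG = """\
[    0.000000] Linux version 6.x (constructed sample)
[    1.234567] AMD Memory Encryption Features active: SME
"""
PLAIN_DMESG = "[    0.000000] Linux version 6.x (constructed sample)\n"

FEATURE_LINE = re.compile(r"Memory Encryption Features active:\s*(.*)$")
KNOWN_FEATURES = ("SME", "SEV", "SEV-ES", "SEV-SNP")
SEV_LEVELS = ("SEV", "SEV-ES", "SEV-SNP")  # weakest to strongest


def active_encryption_features(dmesg_text):
    """Return the set of memory-encryption features the kernel reports active."""
    for line in dmesg_text.splitlines():
        m = FEATURE_LINE.search(line)
        if m:
            tokens = set(m.group(1).split())  # drops the leading "AMD" token
            return {f for f in KNOWN_FEATURES if f in tokens}
    return set()


def guest_protection_level(dmesg_text):
    """Strongest SEV level in effect ('SEV-SNP' > 'SEV-ES' > 'SEV'), or None."""
    feats = active_encryption_features(dmesg_text)
    for level in reversed(SEV_LEVELS):
        if level in feats:
            return level
    return None


def check_expected_level(dmesg_text, expected):
    """True when the guest runs at least at `expected`, e.g. 'SEV-ES' after
    launching with policy bit 2 set, or 'SEV-SNP' after sev-snp-guest."""
    actual = guest_protection_level(dmesg_text)
    return actual is not None and SEV_LEVELS.index(actual) >= SEV_LEVELS.index(expected)


TSME_EN_BIT = 1  # PLATFORM_INFO bit 1 of the SNP attestation report


def tsme_enabled(platform_info):
    """Decode tsme_en from a PLATFORM_INFO value."""
    return bool((platform_info >> TSME_EN_BIT) & 1)


def read_dmesg():
    """Return the live dmesg text, or None if dmesg cannot be run here."""
    try:
        return subprocess.run(["dmesg"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None


if __name__ == "__main__":
    text = read_dmesg() or SNP_GUEST_DMESG
    print("features:", sorted(active_encryption_features(text)))
    print("guest level:", guest_protection_level(text))
    print("SNP launched:", check_expected_level(text, "SEV-SNP"))
    print("tsme_en for PLATFORM_INFO=0x2:", tsme_enabled(0x2))
```

`check_expected_level` is the part worth wiring into a provisioning pipeline: a guest that was launched with `policy=0x5` but reports only `SEV` has not received the SEV-ES protection the policy requested.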



### Which version of SEV firmware did 'x' support get added?

| Feature                                                      | SEV Firmware Version |
|--------------------------------------------------------------|----------------------|
| DownloadFirmware                                             | 0.16                 |
| GetID                                                        |                      |
| ActivateEX                                                   | 0.18                 |
| Enhanced DownloadFirmware (PSP firmware dependency checking) |                      |
| InitEX                                                       |                      |
| SwapIn/SwapOut                                               | 0.23                 |
| NOP                                                          |                      |
| SendCancel                                                   |                      |
| Attestation                                                  |                      |
| RingBuffer                                                   | 0.24                 |
Table 10-2: SEV firmware versions with 'x' support

# Performance Data

Please see <u>Application Note: AMD SEVSNP Workloads Performance And Best Practices for AMD EPYC™ 7003 Series Processors</u> (login to <u>AMD Devhub</u> required) for information about SEV performance.
