Confidential Computing Starts with AMD EPYC™ Server CPUs

Confidential computing is a security technology that isolates workloads while they are being processed, which can help protect them from bad actors such as tampered software, compromised hypervisors, or malicious system administrators. Data and workloads are loaded into trusted execution environments (TEEs) — hardware-based, encrypted runtimes — that prevent admins, other users, and the host itself from accessing the contents of the TEE.

By encrypting workloads and data at runtime, confidential computing can help protect workloads and data from host systems and bad actors, including hypervisors. Confidential computing can help ensure data privacy, which can allow organizations to run sensitive workloads on public, multi-tenant clouds safely.

Organizations can also use confidential computing as a foundation for sharing and processing data without revealing the source data, enabling collaborative ways of working with sensitive information. For example, AI services can use confidential computing during inference and training to keep sensitive data protected and anonymous while being processed by the AI pipeline. Users can ask questions, summarize text, and generate videos and images confidentially. This model of running workloads confidentially can extend to AI model training, analytics in healthcare and finance, simulations in product development — virtually any process that must remain private and secure while it runs.

Finally, confidential computing helps simplify regulatory compliance. When powered by AMD SEV, each Trusted Execution Environment (TEE) verifies confidentiality at runtime and provides auditable attestation logs that show workloads are protected.

Confidential VMs use virtualization to create Trusted Execution Environments (TEEs) that can help protect data on demand while it is in use. Since the TEE is VM-based, securing workloads is as simple as launching a VM or container, no code changes required. The confidential VM provides attestation at launch and throughout its runtime. AMD Secure Encrypted Virtualization (AMD SEV) is the most widely adopted solution for confidential VMs in the industry.¹

AMD SEV is a proven, VM-based confidential computing solution that protects data in use with no code changes, so organizations can safely create value from sensitive data, help enable secure collaboration, and run confidential AI and workloads on an open ecosystem powered by AMD EPYC Server CPUs. AMD SEV is a hardware-based feature of AMD EPYC Server CPUs that, when enabled, automatically encrypts and decrypts communication between the confidential VM and host processors, memory, and hypervisors, which can help ensure the workload is inaccessible to the host, other users, and administrators.

AMD SEV is an AMD Infinity Guard² component available on 7000, 8000, and 9000 series AMD EPYC Server CPUs. AMD SEV can be used to help protect workloads in the cloud, in hybrid cloud environments, and on premises. AMD SEV is not supported on AMD EPYC 4000 Series Server CPUs.

AMD SEV is a sophisticated confidential computing solution that brings a lot of value, from simplifying confidential computing to enabling collaborative workflows and confidential AI. Here are the top reasons why SEV is the preferred choice of the industry today:

• Protect data in use today: There’s no engineering, code changes, or partitioning required. Simply launch a confidential VM and your workload and data are protected immediately.
• No code changes: Guest software and data don’t have to be modified to run in an AMD SEV confidential VM. Legacy software, AI models, databases — if it can run in a VM or container, it can run in an AMD SEV confidential VM.
• Enable confidential AI: With AMD SEV, you can help protect proprietary AI models and sensitive data during training and inference, enabling confidential collaboration. AI developers can accelerate innovation while AI clients can share data privately and generate insights without exposing data to AI models or collaborators.
• A broad ecosystem: AMD SEV is the industry's most mature confidential computing ecosystem¹ with proven adoptions across open-source Linux distributions from Red Hat, SUSE, and Canonical. SEV is supported for private cloud deployments on VMware vSphere, Nutanix AOS, and on Microsoft Windows Server. Finally, all major cloud service providers offer confidential VMs based on SEV: Microsoft Azure, AWS, Google Cloud, Oracle Cloud Infrastructure, IBM cloud, and Alibaba Cloud.
• Is built on industry standards: AMD SEV firmware is based on protocols and technologies developed with PCI-SIG, Caliptra, and the Confidential Computing Consortium.

AMD SEV generates an attestation report at launch and when authorized by the confidential VM or a remote party. The report includes an endorsement key that traces authenticity back to the hardware root of trust.