Data technology background. Abstract background. Connecting dots and lines on dark background.

Data Generation is Skyrocketing

The exponential growth of data sharing – propelled by IoT, digitization, and cloud computing – is further intensifying through rapid adoption of machine learning, AI, social media, and collaborative applications. The increased global emphasis on privacy regulations and severe penalties for breaches underscores data’s unparalleled value amid rising security risks.

Threats to Data Security are Growing – and Evolving

Vigilance against evolving threats is crucial given the heightened vulnerabilities of the expanding data landscape. Alongside the complex risks of AI democratization and surging cloud adoption, enterprise data protection requires dependable support from CSPs to enable and enhance confidential computing.

Read the infographic
Cyber security illustration

The AMD EPYC™ Approach to Security

With the modern “ZEN” architecture, AMD EPYC server CPUs are designed with security in mind from the ground up to be highly resistant to today’s sophisticated attacks, helping protect your sensitive data, avoid downtime, and reduce resource drain. In addition, AMD Infinity Guard provides a unique and robust set of security features that help complement industry ecosystem partners at the software and system levels.

AMD Infinity Guard

Built-in at the silicon level, AMD Infinity Guard offers the advanced capabilities required to help defend against internal and external threats and keep your data safe.

Enterprise Computing Requires Robust Foundational Security With Continuous Improvement to Counter the Evolving Threat Landscape

  AMD EPYC™ 7001 Server CPU Series AMD EPYC™ 7002 Server CPU Series AMD EPYC™ 7003 Server CPU Series AMD EPYC™ 8004 & 9004 Server CPU Series AMD EPYC™ 9005 Server CPU Series
Secure Boot
Transparent Secure Memory Encryption
Shadow Stack  
Secure Encrypted Virtualization (SEV)1
SEV New Feature N/A Encryped State Secure Nested Paging Memory Encryption for CXL Attached Memory Trusted IO

Small and medium businesses also need hardened platforms to protect critical business data in their unique deployment and use scenarios. The AMD EPYC™ 4004 and 4005 series platforms are designed to meet these business needs.

   AMD EPYC™ 4004 Server CPU Series AMD EPYC™ 4005 Server CPU Series
Secure Boot
Transparent Secure Memory Encryption
Shadow Stack

AMD Secure Boot2

AMD Secure Boot defends against firmware threats, extending the silicon root of trust to help protect BIOS, enhancing security against malware and attacks in virtualized environments.

Shield Icon on Secure Global Network, Cyber security

Transparent Secure Memory Encryption (TSME)

Help safeguard against internal security threats with encrypted data protection, including defense against certain cold-boot attacks. Integrated high-performance encryption engines in memory channels enable optimal performance without the need for application software modifications.

AMD Shadow Stack

AMD Shadow Stack3 offers hardware-enforced stack protection, mitigating malware attacks like return oriented programming (ROP). It maintains return addresses for integrity checks and supports Microsoft® hardware enforced stack protection.

Circuit board with security symbol

Secure Encrypted Virtualization (SEV)

Encrypt and protect each VM's memory space from the hypervisor and other VMs using individual keys, with support for up to 1006 keys4. Enjoy limitless encrypted memory capacity, with added support for CXL memory expansion.

Encrypted State (ES)

Protects the contents of the registers when the Virtual Machine is offline.

Laptop with security illustration

Secure Nested Paging (SNP)

SNP3 provides VM integrity and confidentiality against malicious hypervisors, it enhances cloud security across diverse workloads, with optional defenses against malicious interrupt injections, specific speculative side channel attacks, and TCB rollback attacks.

Trusted I/O (TIO)

Extends guest’s Trusted Execution Environment (TEE) to include external trusted devices, such as GPUs and accelerators.

Read the White Paper
Blue abstract computer chip layout

Confidential Computing Starts with AMD SEV

AMD SEV is an Infinity Guard technology that helps protect data in use with a virtual machine approach that requires no-code changes to deploy. Built on open industry standards and supported by the industry’s broadest, most mature confidential computing ecosystem, AMD SEV-powered solutions are available today for immediate deployment from major cloud providers, Linux and Windows operating systems, virtualization platforms, and OEM hardware.

Explore AMD SEV
MonetaGo
Read Case Study
Bullish
Read Case Study
Zonar logo
Read Case Study

Resources

Newsletter and Request Contact

Subscribe to Data Center Insights from AMD
Subscribe Now
Request Contact from an AMD EPYC™ Sales Expert
Contact AMD
Footnotes
  1. GD-183A: AMD Infinity Guard features vary by EPYC™ Processor generations and/or series. Infinity Guard security features must be enabled by server OEMs and/or Cloud Service Providers to operate. Check with your OEM or provider to confirm support of these features. Learn more about Infinity Guard at http://www.amd.com/en/products/processors/server/epyc/infinity-guard.html.
  2. An OEM who has enabled the AMD Secure Boot feature grants permission for their cryptographically signed BIOS code to run only on their platforms using an AMD secure boot enabled motherboard. One-time-programmable fuses in the processor bind the processor to the OEM’s firmware code signing key. From that point on, that processor can only be used with motherboards that use the same code signing key.
  3. Available in 3rd Gen and newer AMD EPYC processors.
  4. 4th Gen AMD EPYC 8004 and 9004 processors.  3rd generation AMD EPYC processors support up to 506 keys.