Data Generation is Skyrocketing

The exponential growth of data sharing – propelled by IoT, digitization, and cloud computing – is further intensifying through rapid adoption of machine learning, AI, social media, and collaborative applications. The increased global emphasis on privacy regulations and severe penalties for breaches underscores data’s unparalleled value amid rising security risks.

Threats to Data Security are Growing – and Evolving

Vigilance against evolving threats is crucial given the heightened vulnerabilities of the expanding data landscape. Alongside the complex risks of AI democratization and surging cloud adoption, enterprise data protection requires dependable support from CSPs to enable and enhance confidential computing.

The AMD EPYC Approach to Security

With the modern “ZEN” architecture, AMD EPYC processors are designed with security in mind from the ground up to be highly resistant to today’s sophisticated attacks, helping protect your sensitive data, avoid downtime, and reduce resource drain. In addition, AMD Infinity Guard provides a unique and robust set of security features that help complement industry ecosystem partners at the software and system levels.

AMD Infinity Guard

Built-in at the silicon level, AMD Infinity Guard offers the advanced capabilities required to help defend against internal and external threats and keep your data safe.

Foundational Security with Continuous Improvement

Processor generations compared: AMD EPYC 9005, AMD EPYC 9004 & 8004, AMD EPYC 7003, AMD EPYC 7002, AMD EPYC 4004

Features compared:
Secure Boot
Transparent Secure Memory Encryption
Shadow Stack
Secure Encrypted Virtualization¹
SEV Encrypted State
SEV Secure Nested Paging
Trusted I/O
Virtual Machine Scalability

Virtual Machine Scalability by generation:
AMD EPYC 9005: 512 threads; 1006 keys; leading-edge security, stronger protection against untrusted hypervisor; support for up to 63 Multi Host Keys; stronger 256-bit AES-XTS encryption
AMD EPYC 9004 & 8004: 512 threads; 1006 keys; leading-edge security, stronger protection against untrusted hypervisor; support for up to 63 Multi Host Keys; stronger 256-bit AES-XTS encryption
AMD EPYC 7003: 256 threads; 509 keys; leading-edge security features against untrusted hypervisor; support for unmodified guest OS
AMD EPYC 7002: 256 threads; 509 keys; enhanced scalability; encrypts CPU registers (SEV-ES)

Not Supported

AMD Secure Boot²

AMD Secure Boot defends against firmware threats, extending the silicon root of trust to help protect BIOS, enhancing security against malware and attacks in virtualized environments.

Transparent Secure Memory Encryption (TSME)

Help safeguard against internal security threats with encrypted data protection, including defense against certain cold-boot attacks. Integrated high-performance encryption engines in memory channels enable optimal performance without the need for application software modifications.

AMD Shadow Stack

AMD Shadow Stack³ offers hardware-enforced stack protection, mitigating malware attacks like return-oriented programming (ROP). It maintains return addresses for integrity checks and supports Microsoft® hardware-enforced stack protection.

Secure Encrypted Virtualization (SEV)

Encrypt and protect each VM's memory space from the hypervisor and other VMs using individual keys, with support for up to 1006 keys⁴. Enjoy limitless encrypted memory capacity, with added support for CXL memory expansion.

SEV Encrypted State (SEV-ES)

Protects the contents of the registers when the Virtual Machine is offline.

SEV Secure Nested Paging (SEV-SNP)

SEV-SNP³ provides VM integrity and confidentiality against malicious hypervisors. It enhances cloud security across diverse workloads, with optional defenses against malicious interrupt injection, specific speculative side-channel attacks, and TCB rollback attacks.

Trusted I/O

Extends the guest’s Trusted Execution Environment (TEE) to include external trusted devices, such as GPUs and accelerators.

Confidential Computing

Confidential computing helps keep data protected while it is being processed—designed to make data inaccessible to even the cloud service provider. Leverage a growing ecosystem using AMD Infinity Guard to address the special security concerns about migrating sensitive applications and data to the cloud.

Footnotes
  1. GD-183A: AMD Infinity Guard features vary by EPYC™ Processor generations and/or series. Infinity Guard security features must be enabled by server OEMs and/or Cloud Service Providers to operate. Check with your OEM or provider to confirm support of these features. Learn more about Infinity Guard at http://www.amd.com/en/products/processors/server/epyc/infinity-guard.html.
  2. An OEM who has enabled the AMD Secure Boot feature grants permission for their cryptographically signed BIOS code to run only on their platforms using an AMD secure boot enabled motherboard. One-time-programmable fuses in the processor bind the processor to the OEM’s firmware code signing key. From that point on, that processor can only be used with motherboards that use the same code signing key.
  3. Available in 3rd Gen and newer AMD EPYC processors.
  4. 4th Gen AMD EPYC 8004 and 9004 processors.  3rd generation AMD EPYC processors support up to 506 keys.