SEV

Jan 1, 0001

Definition

SEV, or Secure Encrypted Virtualization, is a security feature provided by AMD processors that encrypts virtual machine (VM) memory to protect it from unauthorized access. This technology ensures that the data within a VM is encrypted in memory, preventing both hypervisor-level attacks and unauthorized access by other VMs on the same host. SEV is designed to enhance the confidentiality and integrity of data in cloud and virtualized environments.

Secure Settings Example

# Example of enabling SEV in a QEMU/KVM configuration
<domain type='kvm'>
  <name>secure-vm</name>
  <memory unit='KiB'>1048576</memory>
  <vcpu placement='static'>2</vcpu>
  <features>
    <sev state='on'/>
  </features>
  <os>
    <type arch='x86_64' machine='pc-i440fx-2.9'>hvm</type>
  </os>
  ...
</domain>

Insecure Settings Example

# Example of a VM configuration without SEV enabled
<domain type='kvm'>
  <name>insecure-vm</name>
  <memory unit='KiB'>1048576</memory>
  <vcpu placement='static'>2</vcpu>
  <features>
    <!-- SEV is not enabled, leaving VM memory unencrypted -->
  </features>
  <os>
    <type arch='x86_64' machine='pc-i440fx-2.9'>hvm</type>
  </os>
  ...
</domain>

SEV

Definition

Secure Settings Example

Insecure Settings Example

Ask AppSec: free security newsletter

Ask AppSec: free security newsletter