Technology

SEV-SNP encrypts the memory contents of each virtual machine, isolating it from the hypervisor and other VMs running on the same physical server. This encryption is done using a unique encryption key per VM, generated by the AMD Secure Processor (ASP).

AMD's processors equipped with SEV-SNP include an additional on-chip component called the Secure Processor. It handles the encryption and decryption of memory contents, as well as the management of encryption keys. The Secure Processor operates independently of the hypervisor, providing an extra layer of security.

SEV-SNP incorporates a feature called Launch Control, which ensures the integrity of the hypervisor at VM startup. It verifies the hypervisor's digital signature, preventing the execution of tampered or malicious hypervisors.

SEV-SNP includes an additional feature called Protected Memory Encryption. PME extends the memory encryption capability to the hypervisor itself, protecting its sensitive data from unauthorized access. It allows the hypervisor to create secure regions of memory that can only be accessed by the hypervisor itself and not by guest VMs.

SEV-SNP also supports Platform Level Encryption, which enables encryption of the entire platform's memory. This feature adds an additional layer of security to protect against attacks targeting memory bus snooping.