Reply to post: Re: That SEV mode looks really interesting

In the Epyc center: More Zen server CPU specs, prices sneak out of AMD

bazza Silver badge

Re: That SEV mode looks really interesting

This harks back to some work done a long time ago. AMD opened up HyperTransport, meaning that any old Tom, Dick or Harry could make silicon that could plug into an AMD socket.

And people did, well, at least they did FPGA modules that could plug into a second CPU slot. I'm sure that one of the things someone did was to turn the FPGA into a RAM encrypter. Looks like AMD have moved that functionality over into the main CPU's memory controller.

It's an interesting idea that the hypervisor cannot see inside the VM. The IT security researchers won't like that particularly - they use VMs as a way of studying viruses, trojans, etc, relying on the hypervisor being an unseen God mode stealthy observer of whatever happens inside the VM. Meanwhile the malware writers go to a lot of effort to ensure that their malware detects a virtual environment and deletes itself, to prevent the whitehats unpicking the malware.

However, if SEV mode becomes commonplace, it might give the malware writers an unexpected advantage; the whitehats might no longer be able to see inside the VMs...
