Microsoft recently pushed some changes that are aimed at improving Hyper-V support on the upcoming Linux kernel version 6.6. Among the several improvements are the support for AMD SEV-SNP guests as well as Intel TDX guests on Hyper-V.
Aside from these two, there are other upgrades as well like improved ACPI (Advanced Configuration and Power Interface) root object handling in VMBus driver, and more. Linux boss Linus Torvalds accepted these updates which were sent in by Microsoft's Principal Architect at Azure Machine Learning, Wei Liu. Torvalds says:
Pull hyperv updates from Wei Liu:
- Support for SEV-SNP guests on Hyper-V (Tianyu Lan)
- Support for TDX guests on Hyper-V (Dexuan Cui)
- Use SBRM API in Hyper-V balloon driver (Mitchell Levy)
- Avoid dereferencing ACPI root object handle in VMBus driver (Maciej Szmigiero)
- A few misecllaneous fixes (Jiapeng Chong, Nathan Chancellor, Saurabh Sengar)
For those wondering, Intel's Trust Domain eXtension or TDX helps isolate virtual machines (VMs) from their virtual machine managers (VMMs) or hypervisors (which in this case is Microsoft's Hyper-V), hence isolating them from the rest of the hardware and the system. These hardware-isolated virtual machines are essentially what "Trust Domains" are and hence the name of the technology. It offers multi-key total memory-encryption (MKTME) via AES-128- XTS.
Over on AMD's side, SEV or Secure Encrypted Virtualization helps to isolate the VMs from their hypervisors or VMs. Interestingly, SEV was the first such technology for x86 processors and AMD has since improved upon it with SEV-ES or Secure Encrypted Virtualization-Encrypted State that brought CPU encryption; and later, memory encryption was also added with the SEV-SNP (Secure Nested Paging) which is meant to protect against side-channel attacks, among others.
An example of the benefit of having such a thing is how Intel TDX recently protected its latest processors from the Downfall vulnerability, though that does not mean they will be immune to buggy microcode updates.
While the addition of this feature may not mean much for the average consumer, enterprises will likely appreciate the additional security.
4 Comments - Add comment