What processors support SEV?

[anatoli26]

I can't find information about what AMD Zen processors, besides EPYC, support SEV. In other words, do Ryzen, Ryzen Pro and Threadripper support SEV? Do the chipsets and mobos have anything to do with it (i.e. should a SEV-enabled processor be combined with a SEV-supporting mobo)?

[codomania]

There are two memory encryption technologies as part of AMD Zen core. SME (Secure Memory Encryption) and SEV (Secure Encrypted Virtualization). Both SEV and SME features are supported on CPUs from EPYC family. Whereas processor from Ryzen family supports SME only.

[anatoli26]

Do you mean that any Ryzen (common and Pro) support SME? And that Ryzen Pro don't support SEV?

[anatoli26]

From what I find online, Ryzen and Threadripper don't support SME/SEV, but Ryzen Pro does support SME. What I can't determine reliably is if Ryzen Pro supports SEV, and if it does, whether its final availability also depends on the motherboard/chipset/BIOS.

E.g., Forbes says: "Some things that are new for Ryzen PRO, however, are support Transparent Secure Memory Encryption (TSME) and Secure Encrypted Virtualization (SEV) support." source

Similar reports: "Moving on, AMD's other big security feature for the PRO lineup is Secure Virtualized Encyrption (SEV). SEV in many ways resembles the SME, but in this case, it enables owners to encrypt virtual machines, isolating them from each other, hypervisors, and hosting software." anandtech

"Ryzen PRO also incorporates Secure Encrypted Virtualization (SEV) support. This integrates main memory encryption capabilities with the existing AMD-V virtualization architecture to support encrypted virtual machines." hothardware

"Ryzen Pro CPUs offers built-in hardware-based AES 128-bit encryption. The encryption offers two features, Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV)." tweaktown

But I also find reports that PRO doesn't support SEV. The official AMD website provides no details.

As you're working for AMD and working on the SEV feature, could you please shed some light on this, or better yet point to any official statement/documentation?

[anatoli26]

Also, here's a reply from AMD Support:

Response and Service Request History:

Only AMD Ryzen Pro and EPYC processors support SME and SEV.

In order to update this service request, please respond, leaving the service request reference intact.

Best regards,
AMD Global Customer Care

But I hadn't yet received a reply for the details whether motherboard/chipset/bios support is also needed and, in particular, if Lenovo M715 SFF with Ryzen PRO supports SEV.

[AnonymousII]

Ryzen Pro CPUs definitely don't support SEV. We tried using an HP Elite Desk:

• PC: HP Elite Desk 405 G3 MT
• CPU: AMD Ryzen™ 5 PRO 1500 Quad-Core
• Chipset: AMD B350 FCH
• OS: Linux 4.16-rc1 (Released few days ago on kernel.org)

When experiencing issues with the AMD PSP driver (ioread32(psp->io_regs + PSP_FEATURE_REG) & 1)=0 in sev_init() in psp-dev.c) we asked an AMD developer why this check could fail.

Quote from AMD Developer:

Processor from Ryzen family does not support SEV. Ryzen family support SME and TSME features only.

Although CPUID CPUID Fn8000_001F[EAX] bit 1 (SEV support yes/no) says the cpu supports SEV, obviously the Platform Security Processor (PSP) that comes with it doesn't:

Quote from AMD Developer:

By the way: the result of CPUID Fn8000_001F[EAX] bit 1 (SEV support yes/no) still doesnt seem to make sense to me - why would the cpu say it supports SEV i fit doesn't?

Launching a SEV guest requires support from both CPU as well as PSP Firmware. What you are seeing is that Ryzen CPU hints that it support SEV feature but since PSP does not support the feature hence we will not able launch encrypted guest.

So if you want to get SEV running you should use an AMD EPYC cpu...

[anatoli26]

@AnonymousII, thanks a lot for the details! That's a pity all these details are not provided by AMD, as well as the fact that Ryzen Pro can't be used to build a secure workstation (think CubesOS that could benefit enormously from the SEV feature). And EPYC makes no sense in the desktop segment, except for extreme HPC where probably high level of security is not that necessary.

Looks like the future of processors is RISC-V.

[AnonymousII]

update to my previous comment: we just tried using an "AMD EPYC 7451 24-Core Processor" CPU (96 logical cores) in a huge Supermicro A+ server (EPYC CPU) from our computing center and SEV works just fine - so it definitely was a hardware problem only (moved the same physical disk to our server).

[hardhub]

Quote from AMD Developer:

Processor from Ryzen family does not support SEV. Ryzen family support SME and TSME features only.

Does it mean that Ryzen (common and Pro) supports SME?
Are rules the same for TR4 products?

[jlarrew]

Technically, all processors based on the Zen core have the hardware support for SEV. However, only the EPYC server processors currently have the firmware support to do the key management. For now, SEV is an EPYC-only feature. Sincerely, Jesse

…

On Sat, Jan 26, 2019, 8:26 AM Maxim ***@***.*** wrote: Quote from AMD Developer: Processor from Ryzen family does not support SEV. Ryzen family support SME and TSME features only. Does it mean that Ryzen (common and Pro) supports SME? Are rules the same for TR4 products? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#1 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADflBYG3kO85B1LK1nMarrG60pXKxxfpks5vHGV9gaJpZM4PtHbf> .

[hardhub]

@jlarrew

If it is for me, then I talked about SME, not SEV.
I do not need encrypted memory for Guests.
I need encrypted memory for host system.

[M4GNV5]

The question wether SME (NOT SEV, just SME!) is supported on all Zen based processors including Ryzen/Threadrippers doesn't seem to be answered? Could someone clarify, @jlarrew @hardhub?

[hardhub]

From press release:

Ryzen Pro CPUs offers built-in hardware-based AES 128-bit encryption. The encryption offers two features, Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV). SME and SEV are also found on EPYC CPUs, and they provide real hardware based security. For SME a key is generated on boot up and isn't visible to the OS or software applications, and it can be used to secure a portion or all of the memory.

So I do not know if we have Transparent SME on regular desktop CPU.

Can anybody check SME in /proc/cpuinfo?

[M4GNV5]

Alright, I asked a friend who has a Ryzen (Ryzen 7 1800X) for lscpu and cat /proc/cpuinfo. This is the output: https://pastebin.com/raw/YdXqbqUu

The CPU flags contain smep is this the correct one? I know two more people with 1700X but noone with 2xxx or even 3xxx.

EDIT: according to https://ctf-wiki.github.io/ctf-wiki/pwn/linux/kernel/bypass_smep/ smep means Supervisor Mode Execution Protection, so it seems SME is not supported on Ryzens

[tlendacky]

Ryzen processors should support SME. However, the BIOS is needed to set the SMEE bit (23) of the SYS_CFG MSR (0xc0010010). Please see:

https://elixir.bootlin.com/linux/latest/source/arch/x86/kernel/cpu/amd.c#L574

to see how the SME feature will not be reported even if the CPUID instruction indicates support.

Transparent SME (TSME) is also supported by Ryzen, but requires the BIOS to support the configuration option for it. Without the support from BIOS you can't enable TSME.

[bitdivine]

There don't appear to be any Epyc laptops, at least none available here. There is Ryzen Pro though. Does Ryzen Pro support both SME and SEV?

[tlendacky]

Ryzen and Ryzen Pro support only SME. EPYC processors support both SME and SEV.

[bitdivine]

Thank you, @tlendacky . Not the news I wished for but it's good to know. :-)

[vans163]

Does anyone have more details on TSME?

Would a Ryzen 3700x with the correct board support it?

Also how would one detect from the kernel (linux) that the system is booted with TSME enabled (not just SME).

Most/All the stuff here is pertaining to SME, just mentioning that TSME also exists but not actually how to work with it.

[tlendacky]

Does anyone have more details on TSME?

TSME is a BIOS/UEFI option that causes all traffic going through the memory controller to be encrypted. It is basically invisible to an OS.

Would a Ryzen 3700x with the correct board support it?

A Ryzen 3700x should support TSME. The board would need a BIOS/UEFI that has the option to enable TSME (I'm not sure where the option would live within the BIOS menus).

Also how would one detect from the kernel (linux) that the system is booted with TSME enabled (not just SME).

Because TSME is invisible to the OS, this takes some work. You need to be sure that the processorl memory encryption feature is enabled (bit 23 of MSR 0xc0010010) in order to determine from the OS if TSME is enabled. If it is, that means that the CPU will recognize the encryption bit in a page table entry. You'll need a kernel module to detect TSME at this point. The idea is to:

• Allocate a page
• Zero the page or set it to a pattern
• Find the PTE entry for that page (using lookup_address())
  • Be sure you're working with a 4K page and not a 2MB or larger page (check the level returned from lookup_address()). If it's a 2MB or larger page, trying allocating another page.
• Change the encryption bit in the PTE - if set, clear it or if clear, set it
  • Flush the TLB
  • Flush the cache (either wbinvd_on_all_cpus() or clflush the page)
  • Update the PTE (using set_pte_atomic())
  • Flush the TLB again
• Examine the allocated page
  • If the pattern is the same, that means that TSME is active and is encrypting/decrypting all data going through the memory controller and so the encryption bit setting doesn't matter.
  • If the pattern is different (looks like cipher text), that means that TSME is not active and the memory controller is only encrypting/decrypting data based on the page table encryption bit (SME).

Most/All the stuff here is pertaining to SME, just mentioning that TSME also exists but not actually how to work with it.

[tlendacky]

Forgot one thing, remember to reset the PTE back to it's original state.

[vans163]

Damn interesting approach, thank you very much. But question. what if someone already mitmed the ram / membus, so they feed what looks to be like cipher text.

The main idea is kinda to tie Secure Boot into this, so down the chain it can be guaranteed the system booted untampered and data flowing over the membus (after posting) is transparently encrypted.

[yufeidu]

On my ThinkPad T495 with Ryzen Pro 7 3700U, /proc/cpuinfo does report the sev and sev_es flags:
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb hw_pstate sme ssbd sev ibpb vmmcall sev_es fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 xsaves clzero irperf xsaveerptr arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif overflow_recov succor smca

[tlendacky]

SEV also requires firmware support that is only available on EPYC processors.

[xDefcon]

From AMD64 Architecture Programmer’s Manual, Volume 2: System Programming

Determining support for SEV

Support for memory encryption features is reported in CPUID 8000_001F[EAX] as described in
Section 7.10.1, “Determining Support for Secure Memory Encryption,” on page 226. Bit 1 indicates
support for Secure Encrypted Virtualization.

---

If you want to check also for SVM:

Enabling SVM

Before enabling SVM, software should detect whether SVM can be enabled using the following
algorithm:

if (CPUID Fn8000_0001_ECX[SVM] == 0)
 return SVM_NOT_AVAIL;
if (VM_CR.SVMDIS == 0)
 return SVM_ALLOWED;
if (CPUID Fn8000_000A_EDX[SVML]==0)
 return SVM_DISABLED_AT_BIOS_NOT_UNLOCKABLE
 // the user must change a platform firmware setting to enable SVM
else return SVM_DISABLED_WITH_KEY;
 // SVMLock may be unlockable; consult platform firmware or TPM to obtain the
key.

For more information on using the CPUID instruction to obtain processor capability information, see
Section 3.3, “Processor Feature Identification,” on page 70.

[mthiim]

Regarding the enablement bit in SYS_CFG MSR (0xc0010010): It seem Linux expects the BIOS to have set this in advance, but I'm wondering if it couldn't just set the bit itself, assuming the CPU supports SME (cf. the CPUID bit). Just as the kernel itself also sets the enablement bit for other features (e.g. long mode). However, some configuration MSR's are locked by the BIOS during boot so can't be configured by anything but the BIOS, but I'm not sure if this is one of them (from a quick read of e.g. https://developer.amd.com/wp-content/resources/56255_3_03.PDF locking seems to be only for some SMM registers which makes sense). I think I will try myself but Secure Boot and kernel_lockdown (and the removal of its disablements) make such experiments more time consuming!

[thaodt]

hi guys, just want to recall this issue. My laptop has AMD Ryzen 7 4800H processor. And upon checking /proc/cpuinfo, it does have sme, sev & sev_es flags:

fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate sme ssbd mba sev ibrs ibpb stibp vmmcall sev_es fsgsbase bmi1 avx2 smep bmi2 cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsaveerptr rdpru wbnoinvd arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif umip rdpid overflow_recov succor smca

but it seems that it needs to be supported by firmware also when i check via libvirt virt-host-validate:

And this one is still not available for AMD Ryzen processors.

And if sev is not supported, so /dev/sev won't be displayed, right? Even though i saw SEV being enabled in the kernel as below:

I did follow this tutorial to enable SEV on host machine (my AMD Ryzen 7).

[peterzheng98]

Whether R9-5900X will support it? I don't find sev in /proc/cpuinfo(flags).