IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

AMD EPYC™ Processors Deliver Confidential Computing for Public and Private Cloud Environments

New Technology Creates New Opportunities

Cloud environments can replace costly specialized compute, storage, and networking nodes by implementing these functions using standard servers. Running a workload in a cloud environment is as easy as defining the compute and storage resources you need and how those resources should connect to each other and the outside world. You can often do this using a few mouse clicks, a few simple commands, or by loading an existing configuration. What’s more, many workloads don’t run 24x7. When you’re done with a public cloud, you may be able to stop paying for some or all of those resources. When you’re done with a private cloud, you can release the resources for use by someone else in your organization.

You can leverage virtualized environments in any or all of the following ways:

  • On-premises: Your organization owns all of the hardware that hosts your virtualized environment. In this scenario, you will use a hypervisor such as one from VMware® or an appliance such as one from Nutanix™ to create the virtual servers, storage, and networking. This setup is called a private cloud.
  • Public cloud: Your organization rents the resources it needs from a Cloud Service Provider (CSP), such as Google Cloud, Microsoft Azure, or Amazon AWS.
  • Hybrid: Some mix of public and private. For example, your organization may use a private cloud and expand to a public cloud to handle surge needs.

New Opportunities Create New Threats

Think of legacy networks as a single-family home where only a few people have the key and where there are only so many doors and windows. Cloud environments resemble an apartment building that offers denser, more flexible land use but with more doors, windows, and people with keys. Someone could even use an adjacent apartment to spy on or steal from a neighbor. We know the need to lock our doors when leaving home, but how many of us worry about security inside our own homes?

The virtualization inherent in these multi-tenant public, private and hybrid cloud environments makes the memory, cache, and registers of each virtual machine potentially vulnerable to unauthorized access. We’ve long accepted the need to protect data at-rest and in-motion, but protecting data during use has only recently become a priority as virtualized environments become the norm.

Introducing Confidential Computing

Confidential computing uses hardware-based encryption to help protect data privacy and integrity. AMD EPYC processors include the Infinity Guard(1) suite of features that help protect sensitive data, including in virtualized environments. Secure Memory Encryption (SME) encrypts the system memory of the bare metal machine. Secure Encrypted Virtualization (SEV)(2), helps isolate individual virtual machines as the AMD Secure Processor generates unique keys used to encrypt guest memory. SEV Encrypted State (SEV-ES) adds an additional security layer by also encrypting the CPU register contents. SEV Secure Nested Paging (SEV-SNP) again extends the defense by providing integrity protection capabilities for guest memory. These technologies work together to help defend against an attacker performing unauthorized reads or writes to virtual machine memory, registers or caches.

Security often comes at the price of performance. It takes more time to unlock a door than go through an open door. Enabling the security features on AMD EPYC processors introduces only a small additional overhead. Here is a great example. These features are enabled at the BIOS, hypervisor, and guest operating system levels. No changes are required for your individual x86 applications.

Key AMD Stakeholders Support Confidential Computing

AMD works with stakeholders across our large and growing AMD EPYC ecosystem. Some of our key engagements include OS, hypervisor, and Cloud Service Provider (CSP) vendors that enable AMD EPYC security features in both bare metal and virtualized environments.

Public and Private Cloud

We are pleased to collaborate with leading CSPs and virtualization solutions, including:

  • Google Cloud*: Google’s Confidential VMs and Confidential GKE Nodes enable AMD Secure Encrypted Virtualization to help deliver confidential computing for the cloud.
  • IBM*: Exploring how Virtual Machine (VM) encryption can be applied to the Red Hat® OpenShift Container Platform (OCP) and to Kubernetes through the workload virtualization options provided by KubeVirt and Kata Containers.
  • Microsoft® Azure®*: Help keep your business-critical data secure while in use by leveraging Azure’s leading confidential computing infrastructure and services.
  • Nutanix*: Nutanix supports SEV on AOS. AMD and Nutanix are working to enable SEV on the Nutanix AHV hypervisor.
  • VMware®: VMware vSphere® 7.0 U1 and above offer out-of-the-box host-level SEV-ES support for virtual machines, and vSphere 7.0 U2 extends this protection to containers running operating systems that support SEV-ES, such as SUSE 15.

Operating System Support

All major Linux® distributions have out of the box support for SEV, including

Additional Ecosystem Engagements

The flexibility and scalability of cloud environments may make them an ideal choice for your IT needs. These architectures are continuing to evolve as newer designs are developed that further reduce system overhead and provide design approaches where security is a priority consideration. This video* gives a good example.

AMD has played a leadership role in developing hardware-based security, and we continue to develop and enhance these features throughout the software ecosystem. I’m proud of the great strides we have made together with our stakeholders to build a robust ecosystem for confidential computing.

In a future blog, I’ll talk more about the OS stacks that enable each of the three current tiers (SEV, SEV-ES, and SEV-SNP) of AMD EPYC CPU-based security features. I’ll also have some exciting news to share as 2022 continues. Stay tuned!

Raghu Nambiar is a Corporate Vice President of Data Center Ecosystems and Solutions for AMD. His postings are his own opinions and may not represent AMD’s positions, strategies or opinions. Links to third party sites are provided for convenience and unless explicitly stated, AMD is not responsible for the contents of such linked sites and no endorsement is implied.


  1. AMD Infinity Guard features vary by EPYC™ Processor generations. Infinity Guard security features must be enabled by server OEMs and/or Cloud Service Providers to operate. Check with your OEM or provider to confirm support of these features. Learn more about Infinity Guard at GD-183
  2. See for additional information.

*Links to third party sites are provided for convenience and unless explicitly stated, AMD is not responsible for the contents of such linked sites and no endorsement is implied.

AMD employees around the world are focused on building leadership high-performance and adaptive computing products that push the boundaries of what is possible. AMD products and technologies serve as the digital building blocks used by billions of people, leading Fortune 500 businesses and cutting-edge scientific research facilities every day to power the services and devices that define modern life.