SEV

SEV, in computing, refers to Secure Encrypted Virtualization, a technology developed by AMD to protect the memory of virtual machines. It encrypts the memory of each guest VM with a unique per-VM key managed by the processor’s secure hardware, isolating VM memory from the host operating system and hypervisor. This confidentiality helps prevent data leakage from the host or other tenants in shared environments.

The architecture centers on the AMD Secure Processor, which stores and handles encryption keys, and a hardware-assisted memory encryption engine that transparently encrypts and decrypts memory pages as they are accessed. A hypervisor can manage keys and configuration, and remote attestation enables verification that a VM is running on genuine hardware with the expected software stack.

SEV has been extended with notable features. SEV-ES (Encrypted State) protects the CPU state during VM pauses, migrations, and other transitions, safeguarding register contents and related data. SEV-SNP (Secure Nested Paging) adds memory integrity protections and stronger attestation, improving resistance to certain attack vectors and offering enhanced paging and isolation guarantees.

Adoption has grown in data centers and cloud environments that use AMD processors. Implementing SEV may incur some performance overhead and requires compatible firmware, management tooling, and software support within the virtualization stack. Security research has demonstrated vulnerabilities in earlier implementations, prompting ongoing improvements such as SEV-ES and SEV-SNP and their corresponding mitigations.

In non-technical contexts, SEV can have other meanings; however, within computing, it most commonly denotes Secure Encrypted Virtualization.
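
The dependence on support across the virtualization stack can be checked on a host. The script below is an added example, not part of the original page. It assumes a Linux KVM host that exposes the CPU flags sev, sev_es and sev_snp in /proc/cpuinfo and same-named kvm_amd module parameters; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which SEV generations a Linux KVM host exposes.
# Assumptions: CPU feature flags "sev", "sev_es", "sev_snp" appear on the
# "flags" line of /proc/cpuinfo, and kvm_amd publishes parameters of the
# same names under /sys/module/kvm_amd/parameters ("Y" or "1" = enabled).

# sev_feature_state FLAG CPUINFO_FILE PARAM_DIR
# Prints: enabled  (CPU advertises it and KVM has it switched on)
#         cpu-only (CPU advertises it, hypervisor side is off or missing)
#         absent   (CPU or firmware does not advertise it)
sev_feature_state() {
    flag=$1
    cpuinfo=$2
    params=$3
    # -w matches whole words, so "sev" does not match inside "sev_es".
    if ! grep -E '^flags[[:space:]]*:' "$cpuinfo" 2>/dev/null \
            | grep -qw -- "$flag"; then
        echo absent
        return 0
    fi
    # A missing parameter file means the module is not loaded or is too old.
    val=$(cat "$params/$flag" 2>/dev/null || true)
    case $val in
        Y|y|1) echo enabled ;;
        *)     echo cpu-only ;;
    esac
}

# sev_report [CPUINFO_FILE] [PARAM_DIR]
# One line per feature; defaults point at the live system.
sev_report() {
    ci=${1:-/proc/cpuinfo}
    pd=${2:-/sys/module/kvm_amd/parameters}
    for f in sev sev_es sev_snp; do
        printf '%-8s %s\n' "$f" "$(sev_feature_state "$f" "$ci" "$pd")"
    done
}

sev_report "$@"
```

A cpu-only result points at the hypervisor side (kernel version, kvm_amd options or firmware settings) rather than at the processor.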