AMD SEV
Pronunciation
[A-M-D S-E-V]
Analogy
AMD SEV is like wrapping your computer’s RAM in an unbreakable safe that only the CPU can unlock.
Definition
AMD Secure Encrypted Virtualization (SEV) is a hardware feature that encrypts virtual machine memory to protect guest data and code from hypervisor or host‑level attacks.
Key Points Intro
SEV provides hardware‑rooted memory encryption and attestation for confidential computing.
Key Points
Per‑VM keys: Unique encryption keys for each VM, managed by the AMD PSP.
Transparent encryption: Memory pages encrypted/decrypted on the fly by the memory controller.
Remote attestation: Prove VM integrity to external verifiers.
Minimal overhead: AES‑based encryption with low performance impact.
Example
Technical Deep Dive
On AMD EPYC, the Platform Security Processor (PSP) provisions VM encryption keys via a secure boot chain. The memory controller’s AES engine encrypts DRAM pages tagged with the VM’s key ID. SEV‑ES extends protection to CPU registers. Remote attestation uses a certificate chain signed by AMD’s root CA, verified via the CHIPMAN protocol. QEMU/KVM integrates with SEV via the `sev` driver and libvirt hooks.
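A host-side check for the KVM integration mentioned above, as an added example that is not part of the original entry: it compares the SEV and SEV‑ES flags the CPU advertises with what the `kvm_amd` module reports as enabled. The function names are hypothetical, and the default paths are the usual Linux locations, assumed here.

```shell
#!/bin/sh
# Added example (not from the original entry). Function names are
# hypothetical; default paths are the usual Linux locations (assumption).

# cpu_has FLAG CPUINFO_FILE
# Succeeds if FLAG appears as a whole word in the first "flags" line.
cpu_has() {
    sed -n '/^flags/{p;q;}' "$2" 2>/dev/null | tr ' \t' '\n\n' | grep -qxF -- "$1"
}

# kvm_on PARAM PARAM_DIR
# Succeeds if the kvm_amd module parameter reads as enabled.
# Newer kernels expose Y/N, older ones 1/0.
kvm_on() {
    case "$(cat "$2/$1" 2>/dev/null)" in
        Y|y|1) return 0 ;;
        *)     return 1 ;;
    esac
}

# sev_host_report [CPUINFO_FILE] [KVM_AMD_PARAM_DIR]
# Prints one line per feature: "<feature> cpu=<yes|no> kvm=<yes|no>".
# Returns 0 only if base SEV is both advertised by the CPU and enabled in KVM.
sev_host_report() {
    cpuinfo=${1:-/proc/cpuinfo}
    params=${2:-/sys/module/kvm_amd/parameters}
    for feat in sev sev_es; do
        cpu=no
        kvm=no
        cpu_has "$feat" "$cpuinfo" && cpu=yes
        kvm_on "$feat" "$params" && kvm=yes
        echo "$feat cpu=$cpu kvm=$kvm"
    done
    cpu_has sev "$cpuinfo" && kvm_on sev "$params"
}
```

On a host, call `sev_host_report` with no arguments; a feature showing `cpu=yes kvm=no` means the CPU advertises it but KVM has not enabled it, so guests will not get it.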
Security Warning
Firmware or microcode vulnerabilities can undermine SEV; always apply vendor patches and restrict hypervisor privileges.
Caveat
Some cloud providers offer limited SEV support; performance may degrade under heavy I/O workloads.