Discover Cryptography News
Linux Will Now Better Handle AMD SEV-SNP To Avoid Undefined Behavior For Old VMs
Merged on Sunday prior to tagging Linux 6.2-rc6 is a late "fix" for the AMD Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP) code to avoid possible situations of undefined behavior with difficult to debug issues where a modern Linux host with SEV-SNP may try booting a Linux virtual machine with an outdated kernel.
Some AMD SEV-SNP features need guest-side support to work correctly and so if a modern Linux host with a recent kernel that supports newer features of modern AMD EPYC CPUs tries booting a guest virtual machine with a kernel lacking support for some SEV features, there can be problems -- problems that aren't necessarily straight-forward to diagnose. Surprisingly it took until yesterday for the mainline Linux kernel to receive SEV-SNP guest feature negotiation support to deal with this real possibility of the host/hypervisor having a newer kernel than what is found on the guest VMs.
This is being treated as a fix so it was picked up for Linux 6.2-rc6 rather than waiting for the next merge window. In turn it will also be back-ported soon to stable Linux kernel series.