Linus Torvalds accepts Linux Hyper-V upgrade from Microsoft

Microsoft recently pushed some changes aimed at improving Hyper-V support in the upcoming Linux kernel version 6.6. These improvements include support for AMD SEV-SNP guests and Intel TDX guests on Hyper-V. In addition to these two items, there are some other upgrades, such as improved ACPI (Advanced Configuration and Power Interface) root object handling in the VMBus driver.

Linux leader Linus Torvalds accepted these updates sent by Wei Liu, chief architect of Microsoft Azure Machine Learning.

He mentioned in the documentation:

Get Hyper-V updates from Wei Liu:

– Support SEV-SNP client on Hyper-V (Tianyu Lan)

– Support TDX guest on Hyper-V (Dexuan Cui)

– Using the SBRM API in the Hyper-V balloon driver (Mitchell Levy)

– Avoid dereferencing ACPI root object handles in VMBus drivers (Maciej Szmigiero)

– Some misuse fixes (Jiapeng Chong, Nathan Chancellor, Saurabh Sengar)

Intel's Trust Domain Extensions (TDX) helps isolate a virtual machine (VM) from its virtual machine manager (VMM) or hypervisor (in this case, Microsoft's Hyper-V), as well as from other hardware and systems. These hardware-isolated virtual machines are essentially "trust domains", which is where the technology gets its name. It provides Multi-Key Total Memory Encryption (MKTME) via AES-128-XTS.

On the AMD side, SEV (Secure Encrypted Virtualization) helps isolate a virtual machine from its hypervisor or virtual machine manager. Interestingly, SEV was the first such technology for x86 processors. AMD later improved it with SEV-ES (Secure Encrypted Virtualization-Encrypted State), which brought CPU encryption, and after that extended the memory encryption with SEV-SNP (Secure Nested Paging), which is designed to prevent side-channel attacks and more.

Intel TDX recently protected Intel's latest processors from the Downfall vulnerability, which is an example of the benefit of having this capability, but that doesn't mean they will be immune to vulnerable microcode updates.

Both AMD-based and Intel-based computers can benefit from this, and although adding this feature may not mean much to the average consumer, enterprises may appreciate the extra security brought by the latest.

Origin blog.csdn.net/weixin_56035688/article/details/133270504