Linux 5.16 will support AMD SEV/SEV-ES live migration

Last week, the main change in Linux 5.16 was a set of patches for the Kernel-based Virtual Machine (KVM) that introduced RISC-V hypervisor support and AMD PSF control bit support. This Friday, a second set of KVM patches was released, headlined by support for AMD SEV/SEV-ES intra-host migration.

With this batch of patches, the mainline kernel can now handle intra-host migration of virtual machines that use Secure Encrypted Virtualization (SEV) or SEV-ES, the additional Encrypted State feature introduced with EPYC 7002 Rome. Because of the complexity and security requirements of Secure Encrypted Virtualization, live migration has not been supported until now. At least intra-host migration is now supported, that is, the source virtual machine and the target virtual machine are on the same underlying server. Migration between hosts is still not supported.

In addition, AMD SEV intra-host migration requires a new KVM guest API and guest kernel support changes to handle SEV live migration, followed by changes to the SEV/SEV-ES host migration code. At present, the new SEV-SNP “Secure Nested Paging” features of the EPYC 7003 “Milan” processors have not been upstreamed, and AMD will continue to work on merging SEV-SNP support into the mainline kernel.