Skip to content

AMD- SEV-ES deprecation note #1902

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sounix000 merged 3 commits into from
Mar 3, 2026
+32 −6
Merged

AMD- SEV-ES deprecation note #1902

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e722c8b
AMD- SEV-ES deprecation note
sounix000 Feb 21, 2026
2f64e52
Modifying title of article, as suggested by Antoine
sounix000 Mar 3, 2026
20d9026
Included revision history
sounix000 Mar 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion xml/art_amd-sev.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,12 @@
confines and is able to read arbitrary memory is unable to steal
sensitive data from an SEV or SEV-ES VM.
</para>

<note>
<title>AMD SEV-ES deprecation notice</title>
<para>
AMD SEV-ES is deprecated on CPUs that support AMD SEV-SNP technology. SEV-ES (Encrypted State) is a subset of the features found in SEV-SNP (Secure Nested Paging). If the hardware supports SNP, it usually defaults to the newer standard because it includes all the protections of ES plus memory integrity.
</para>
</note>
<para>
This document aims to provide a basic understanding of how SEV and
SEV-ES work, and how to enable and configure these features. It also
Expand Down
13 changes: 9 additions & 4 deletions xml/vm_security.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,12 @@
tracked. Since this isolates VMs, the other VMs or the host machine are not affected by
threats.
</para>

<note>
<title>AMD SEV-ES deprecation notice</title>
<para>
AMD SEV-ES is deprecated on CPUs that support AMD SEV-SNP technology. SEV-ES (Encrypted State) is a subset of the features found in SEV-SNP (Secure Nested Paging). If the hardware supports SNP, it usually defaults to the newer standard because it includes all the protections of ES plus memory integrity.
</para>
</note>
<para>
This section explains the steps to enable and use AMD SEV-SNP on your AMD EPYC server with
&productname; &productnumber;.
Expand Down Expand Up @@ -216,7 +221,7 @@
</para>

<para>
The attestation process involves two tools: <command>snpguest</command> and <command>snphost</command>.
The attestation process involves two tools: <command>snpguest</command> and <command>snphost</command>.
</para>

<sect2 xml:id="sec-vm-security-snp-attestation-guest">
Expand Down Expand Up @@ -269,7 +274,7 @@ VEK signed the Attestation Report!
</screen>
</step>
</procedure>

<note>
<para>
The extended attestation workflow using the
Expand Down Expand Up @@ -314,7 +319,7 @@ ASK ⬑ VCEK
</screen>
</step>
</procedure>
</sect2>
</sect2>
</sect1>

<sect1 xml:id="sec-vm-security-sev-snp-limits">
Expand Down