AMD has published the source code of its AMD-SPFW firmware, which implements the AMD SEV (Secure Encrypted Virtualization) protection mechanism. This mechanism secures virtual machines by protecting them from compromise by the hypervisor or the host system administrator. The code has been made publicly available on GitHub under a separate licensing agreement. It corresponds to the SEV FW 1.55.25 firmware used in the 4th generation of AMD Epyc (Genoa) processors.
AMD SEV protection is implemented by encrypting the memory of virtual machines at the hardware level. Only the current guest system has access to the decrypted data, while other virtual machines and the hypervisor receive only encrypted data when they attempt to access this memory. The encryption keys are controlled by a separate ARM-based Platform Security Processor (PSP) built into the chip. This technology is supported in the server processors of the AMD EPYC family and is used by major cloud providers such as Amazon Web Services (AWS), Google Cloud, Microsoft Azure, and Oracle Compute Infrastructure (OCI).
The publication of the source code is motivated by AMD’s commitment to open source principles and its efforts to increase transparency in security-related technology. The availability of the source code enables independent audits of the AMD SEV implementation. The licensing agreement allows for the use, copying, modification, distribution, and creation of works specifically for use with AMD equipment. However, it prohibits the inclusion of the code in products distributed under other licenses or intended to violate patents. The development of the firmware will continue within AMD, which does not plan to accept third-party changes but will consider comments and reviews.