ISSUE TYPE

COMPONENT NAME
Virtualization, Security

CLOUDSTACK VERSION
4.18.2.4

OS / ENVIRONMENT
Ubuntu 22.04

SUMMARY
CloudStack does not currently support SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging), a critical security feature for enhancing the protection of virtualized environments. SEV-SNP is designed to secure workloads by preventing hypervisor attacks and ensuring that VM memory remains encrypted even from the host. I would like to know when SEV-SNP will be supported in CloudStack, and how it can be used once integrated. This feature is especially important for those utilizing AMD's SEV technology and seeking to ensure their VMs are as secure as possible.

EXPECTED RESULTS

ACTUAL RESULTS
Currently, there is no support for SEV-SNP in CloudStack, which limits the ability to fully leverage AMD's SEV capabilities for securing virtualized environments.
Replies: 2 comments
Thanks for opening your first issue here! Be sure to follow the issue template!
@sl4sh73r to my knowledge, SEV-SNP is a feature in the Server BIOS. CloudStack is just an orchestrator of the KVM level.
You should be able to turn on the SEV-SNP, and CloudStack doesn't need to know about it.
The only issue I think you will have is live migration. But this is not an issue to CloudStack but to all Live Migration technologies with confidential computing. I remember even Google Cloud talks about this limitation in their docs.