It’s quite a mouthful but today AMD posted Linux kernel patches for preparing SEV-SNP BTB isolation support for further enhancing the security of virtual machines (VMs) for confidential computing.
AMD SEV-SNP BTB isolation is around ensuring guest VMs protected by Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP) cannot have their branch target buffers (BTBs) affected by context outside of that guest virtual machine. The AMD EPYC CPU hardware tracks each guest’s branch target buffer’s entries and can flush the BTB when determining it to be “contaminated” with any prediction information outside of that guest’s context.
The kernel patch enabling SEV-SNP BTB sums it up as:
“This feature ensures SNP guest Branch Target Buffers (BTBs) are not affected by context outside that guest. CPU hardware tracks each guest’s BTB entries and can flush the BTB if it has been determined to be contaminated with any prediction information originating outside the particular guest’s context.
To mitigate possible performance penalties incurred by these flushes, it is recommended that the hypervisor runs with SPEC_CTRL[IBRS] set. Note that using Automatic IBRS is not an equivalent option here, since it behaves differently when SEV-SNP is active. See commit acaa4b5c4c85 (“x86/speculation: Do not enable Automatic IBRS if SEV-SNP is enabled”) for more details.
Indicate support for BTB Isolation in sev_supported_vmsa_features, bit 7.”
This patch series is out for review on the kernel mailing list for plumbing that BTB isolation support. There are also patches for QEMU for handling the BTB isolation feature.
With the BTB Isolation feature having been added to AMD’s programming guide back in March 2024, it would appear that current AMD EPYC 9005 “Turin” server processors are already capable of supporting this security feature for VMs.
For those wondering about typical AMD SEV-SNP performance overhead costs in general for the added security protections, see the recent Evaluating The Performance Cost To AMD SEV-SNP On Modern EPYC VMs.
