AMD Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) provides memory encryption and integrity protections for virtual machines, which are especially useful in modern cloud computing where the hypervisor and cloud operator are not fully trusted. A performance overhead of roughly 2% to 10% is typically reported for engaging these hardware-backed protections. This article takes an extensive look at the current AMD SEV-SNP performance impact for confidential computing on EPYC 9005 "Turin" servers. Both the current Ubuntu 24.04 LTS and an Ubuntu 26.04 development snapshot were tested to evaluate the latest optimizations and what is on the horizon this year for AMD EPYC Linux server performance.
Compared with SEV-ES on earlier EPYC CPUs, AMD SEV-SNP adds memory integrity protections to help fend off attacks from a malicious hypervisor (such as replaying, corrupting or remapping guest pages), protections for interrupt injection into the guest, and better protections against side-channel attacks, for greater VM security overall. The latest EPYC 9005 processors also support SEV Trusted I/O (SEV-TIO) for protecting traffic to PCIe devices, but that is outside the scope of today's testing.
The overhead of engaging SEV-SNP is typically cited as 2% to 8~10%, while some workloads, such as database servers and other I/O-heavy workloads, may see upwards of 10~12%. Running a well-rounded set of benchmarks to evaluate the AMD SEV-SNP overhead has long been on my TODO list, and leveraging the Azure public cloud makes it easy to conduct such a real-world comparison in a production environment.
For measuring the performance impact of modern AMD Secure Encrypted Virtualization in a real-world environment, AMD provided gratis access to two Microsoft Azure public cloud instances: one running as a confidential VM with SEV-SNP and a second instance of the same configuration but without SEV-SNP protections. This provides a clean 1:1 look at the AMD SEV-SNP impact in the public cloud, with all the latest patches at the time applied by Microsoft's cloud engineers.
The Azure v7 series VMs were powered by AMD EPYC 9V74 80-core processors, but this testing was done in a 16 vCPU configuration (eight physical cores with SMT, for sixteen threads) given that the 16 vCPU size is quite common among cloud VMs. The 16 vCPUs were paired with 64GB of memory and 550GB of virtual storage.
The confidential VM (CVM) with SEV-SNP and the default non-confidential VM were running Ubuntu 24.04 LTS with the Linux 6.14 kernel and the GCC 13.2 compiler by default. On each VM I then upgraded to an Ubuntu 26.04 development snapshot to look at the performance impact of the newer kernel, the GCC 15 compiler and other upgrades ahead of the official Ubuntu 26.04 LTS release in April.
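Before trusting a confidential vs. non-confidential comparison like this one, it is worth confirming from inside each guest that SEV-SNP (and not merely SEV or SEV-ES) is actually active. The POSIX shell check below is an added example written for this article and is not code from the original page, AMD, Microsoft or Canonical. It assumes the kernel boot banner has the form mainline Linux prints, "Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP", listing only the enabled features; the `/dev/sev-guest` node and the `sev_snp` flag in /proc/cpuinfo are treated as corroborating evidence only, since the first depends on the sev-guest driver being built and loaded and the second on the hypervisor exposing CPUID 0x8000001F to the guest.

```shell
#!/bin/sh
# Added example, not from the article: confirm from inside a Linux guest
# whether it runs under AMD SEV / SEV-ES / SEV-SNP before comparing numbers.
#
# Assumption: the kernel banner has the mainline x86 form
#   "Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP"
# with only the enabled features listed. Check your own dmesg if it differs.

# Print the strongest SEV level named in one kernel log line:
# none | SEV | SEV-ES | SEV-SNP. Lines that are not the banner yield "none"
# even if they mention SEV-SNP elsewhere (e.g. driver messages).
sev_level_from_line() {
    _line=$1
    _prefix="Memory Encryption Features active: AMD "
    case $_line in
        *"$_prefix"*) ;;
        *) echo none; return 0 ;;
    esac
    # Keep only the feature tokens that follow the banner prefix.
    _feats=${_line##*"$_prefix"}
    _best=0
    for _tok in $_feats; do
        case $_tok in
            SEV)     _r=1 ;;
            SEV-ES)  _r=2 ;;
            SEV-SNP) _r=3 ;;
            *)       _r=0 ;;
        esac
        if [ "$_r" -gt "$_best" ]; then _best=$_r; fi
    done
    case $_best in
        1) echo SEV ;;
        2) echo SEV-ES ;;
        3) echo SEV-SNP ;;
        *) echo none ;;
    esac
}

# Exit status 0 only when the line proves SEV-SNP, the level that adds the
# memory integrity protection; SEV and SEV-ES alone give confidentiality only.
line_proves_snp() {
    [ "$(sev_level_from_line "$1")" = SEV-SNP ]
}

# Inspect the running guest. dmesg may need root. The device node and the
# cpuinfo flag are corroborating evidence, not proof, for the reasons above.
check_live_guest() {
    _banner=$(dmesg 2>/dev/null | grep 'Memory Encryption Features active' | head -n 1)
    if [ -n "$_banner" ]; then
        echo "kernel banner level : $(sev_level_from_line "$_banner")"
    else
        echo "kernel banner level : not found (no banner, or dmesg needs root)"
    fi
    if [ -c /dev/sev-guest ]; then
        echo "/dev/sev-guest      : present (attestation reports can be requested)"
    else
        echo "/dev/sev-guest      : absent (driver not loaded, or not an SNP guest)"
    fi
    if grep -qE '(^| )sev_snp( |$)' /proc/cpuinfo 2>/dev/null; then
        echo "cpuinfo sev_snp flag: present"
    else
        echo "cpuinfo sev_snp flag: absent (or CPUID 0x8000001F not exposed)"
    fi
}

check_live_guest
```

Run it once on each VM: the CVM should report SEV-SNP from the banner, and the plain VM should report none. If both report the same level, the comparison is not measuring what it claims to.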
Thanks to AMD for providing the free access to these VMs for being able to run a default vs. SEV-SNP confidential VM comparison on Azure’s cloud.
