Open sl4sh73r opened 1 hour ago
@sl4sh73r to my knowledge, SEV-SNP is a feature in the Server BIOS. CloudStack is just an orchestrator of the KVM level.
You should be able to turn on the SEV-SNP, and CloudStack doesn't need to know about it.
The only issue I think you will have is live migration. But this is not an issue to CloudStack but to all Live Migration technologies with confidential computing. I remember even Google Cloud talks about this limitation in their docs.
ISSUE TYPE
COMPONENT NAME
Virtualization, Security
CLOUDSTACK VERSION
4.18.2.4
OS / ENVIRONMENT
Ubuntu 22.04
SUMMARY
CloudStack does not currently support SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging), a critical security feature for enhancing the protection of virtualized environments. SEV-SNP is designed to secure workloads by preventing hypervisor attacks and ensuring that VM memory remains encrypted even from the host.
I would like to know when SEV-SNP will be supported in CloudStack, and how it can be used once integrated. This feature is especially important for those utilizing AMD's SEV technology and seeking to ensure their VMs are as secure as possible.
EXPECTED RESULTS
ACTUAL RESULTS
Currently, there is no support for SEV-SNP in CloudStack, which limits the ability to fully leverage AMD's SEV capabilities for securing virtualized environments.