Microsoft has recently implemented significant changes to enhance Hyper-V support in the upcoming Linux kernel version 6.6. These improvements encompass support for AMD SEV-SNP guests and Intel TDX guests on Hyper-V.
Furthermore, there have been other enhancements, such as improved handling of the ACPI (Advanced Configuration and Power Interface) root object in the VMBus driver. Linus Torvalds, the head of Linux development, accepted these updates, which were submitted by Wei Liu, Microsoft’s Principal Architect at Azure Machine Learning.
Intel’s Trust Domain eXtension (TDX) plays a vital role in isolating virtual machines (VMs) from their hypervisors, such as Microsoft’s Hyper-V, thus providing robust hardware isolation. This technology is known for creating “Trust Domains” and offers multi-key total memory encryption (MKTME) using AES-128-XTS.
On the AMD side, Secure Encrypted Virtualization (SEV) serves a similar purpose by isolating VMs from their hypervisors. AMD has advanced this technology with SEV-ES (Secure Encrypted Virtualization-Encrypted State) for CPU encryption and SEV-SNP (Secure Nested Paging) to safeguard against side-channel attacks.
One notable advantage of these technologies is exemplified by Intel TDX, which recently shielded its processors from the Downfall vulnerability, although it doesn’t guarantee immunity to flawed microcode updates.
While these developments may not hold significant relevance for the average consumer, they bring added security benefits that enterprises are likely to appreciate.