Enabling SEV-SNP in your EPYC VPS

This guide assumes that the VPS is running Ubuntu 24.04/Debian 13 or Almalinux/RHEL/Rocky 10 and later.

SEV-SNP may work in other Linux distributions but they are untested.

 

Enabling SEV-SNP will cause a CPU performance loss of about 10%. This was tested using Geekbench 6, where single core results dropped from 1900 points to 1700 points.

First enter your control panel:

Enter control panel

Poweroff your VPS:

Power off vps

Go to VPS "Options" and then "Settings":

Enter "Options" and then "Settings"

Select "UEFI" firmware. The system will automatically add SEV-SNP to the QEMU virtual machine configuration.

Then, click "Boot" to restart your VPS:

Change to UEFI and then Boot the VPS

Finally, check in your VPS that SEV-SNP is detected and enabled using "dmesg | grep -i sev":

Checking for SEV in kernel log

 

Congratulations! Now your VPS memory and register state are fully encrypted.

After enabling SEV-SNP, proceed to the next article to check the validity of the chain of trust.

  • confidential computing, sev-snp
  • 0 Utilizadores acharam útil
Esta resposta foi útil?

Artigos Relacionados

Attested Direct Kernel Boot in your EPYC VPS

For extra security, some users might want to measure and attest their boot kernel and initrd...

Creating your own LUKS encrypted UEFI image

This guide is for less technically inclined users that want to create a LUKS encrypted Linux OS...

Attesting SEV-SNP in your EPYC VPS

This article assumes you have already enabled SEV-SNP in your VPS following the previous guide....