New AMD Linux Patches Prepare Secure TSC Support For SEV-SNP Guests


A new patch series published this week by AMD engineers is preparing Linux kernel support for Secure TSC, a feature found on SEV-SNP-enabled processors since the EPYC 7003 "Milan" series.

Secure TSC allows SEV-SNP-protected virtual machines (guests) to use the RDTSC and RDTSCP instructions securely. During boot, a guest with Secure TSC active queries the time stamp counter information from the AMD PSP security processor over an encrypted channel.

The RDTSC/RDTSCP instructions, which read the CPU time stamp counter, have been used in side-channel attacks such as Meltdown and Spectre to obtain precise instruction timing. AMD Secure TSC, by letting SEV-SNP-protected guests use these instructions securely, is therefore another added layer of security.

Secure TSC

AMD Secure TSC was already publicly documented and appears to be supported on all SEV-SNP processors, i.e. EPYC 7003 "Milan" and newer, but only yesterday were the Linux kernel patches enabling Secure TSC support for SEV-SNP guests posted for upstream review.