Does Firecracker support AMD Secure Encrypted Virtualization (SEV)?

[CodingYuanLiu]

Why is this feature request important? What are the use cases? Please describe.

AMD Secure Encrypted Virtualization (SEV) is a hardware feature provided by AMD, designed to isolate virtual machines from the hypervisor.

Describe the desired solution

So far, we can use QEMU to start a VM with SEV enabled. If firecracker support SEV, we can use firecracker to replace QEMU and start a micro VM with SEV.

Describe possible alternatives

Without the feature, I can only use QEMU to start a VM with SEV, so that I can not take advantages of firecracker's feature

Additional context

No additional context

Checks

• [y] Have you searched the Firecracker Issues database for similar requests?
• [n] Have you read all the existing relevant Firecracker documentation?
• [n] Have you read and understood Firecracker's core tenets?

[georgepisaltu]

Hi @CodingYuanLiu,

Firecracker does not support AMD Secure Encrypted Virtualization. I don't think Firecracker can support SEV as of right now because we provide snapshot capabilities and any operations that involve saving and restoring the memory and state of the VM are unsupported by SEV. From my research, it seems that with hardware evolution this barrier might disappear and we could look into this feature.

[CodingYuanLiu]

Thank you for your help. By the way, may I ask that how fast can firecracker start when restoring from a snapshot?

[georgepisaltu]

As you can see in our integration tests here, we ensure we have a restore time of less than 8 ms in the tests, but we target 5 ms. The 8 ms value is only for testing purposes and comes from this issue.

[CodingYuanLiu]

Wow that target is fantastic. Thank you a lot for your help.

[hpvd]

Since we are also interested in this, I did a little research:

seems to be possible now using SEV Key Management

KVM implements the following commands to support common lifecycle events of SEV guests, such as launching, running, snapshotting, migrating and decommissioning.
https://www.kernel.org/doc/html/v5.6/virt/kvm/amd-memory-encryption.html#sev-key-management

[hpvd]

also interesting from firecracker roadmap planning:
#4894

The kata-containers initiative for confidential compute is interested in
including Firecracker GPU support.

-> Do they run their container already on fire cracker with confidential compute (and now "only want to add PCIe pass through)?

[hpvd]

Hi @CodingYuanLiu,

Firecracker does not support AMD Secure Encrypted Virtualization. I don't think Firecracker can support SEV as of right now because we provide snapshot capabilities and any operations that involve saving and restoring the memory and state of the VM are unsupported by SEV. From my research, it seems that with hardware evolution this barrier might disappear and we could look into this feature.

+1 on reopening this issue, or shall we create a new one?

[bdchatham]

Also +1 to reopening this issue. This would be a huge win for CC use-cases in multiple ways.

[JackThomson2]

Hi,

Thanks for the interest in this, unfortunately this currently is not on our roadmap. We will reopen this issue if this changes in the future