New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
On our new plans, that should be available in the next few days or week:
All nodes will have SME (Secure Memory Encryption) enabled by default. It's an AMD Epyc security feature that offers physical memory encryption on the host node.
For mission-critical applications and for the truly paranoid, we are testing the implementation of Secure Encrypted Virtualization-Encrypted State (SEV-ES), something we wish to offer for an additional cost or one time fee.
I'd expect to see others copying this in the future.
Hi,
we provide that by default.
You’re welcome to give us a try. You do have the option to install any operating system from your ISO, so you can encrypt the data on your virtual machine.
Once you're able to get SEV-ES working, I'm buying it instantly.
Will make a thread once available.
Im buying this as soon as its out too
I'd be interested if they're Zen4+ EPYCs and Ryzen PROs with TSME (Transparent SME). Otherwise, the host would need enlightened OSes and a TPM, with SecureBoot enabled, which is too much trouble to bother.
Hopefully it's not SEV-ES but SEV-SNP, as the former is worse than nothing, IMO, since it provides false sense of security for people not closely following the tech, as SEV-ES threat model is "benign and/or accidental vulnerable" hypervisor, which is chuckle worthy
. SEV-ES has well known exploits that are not fixable, and even worse, not detectable via attestation.
SEV-SNP with guest attestation is the current way to go, which could actually work with compromised host and hypervisor, assuming user with sufficient knowledge in the space.
I'd be happy to try any provider with SEV-SNP offerings.