AMD SEV-SNP for Amazon EC2 instances
AMD Secure Encrypted Virtualization-Secure Nested Paging (AMD SEV-SNP) is a CPU feature that provides the following properties:
- Attestation – AMD SEV-SNP enables you to retrieve a signed attestation report that contains a cryptographic measure that can be used to validate the instance's state and identity, and that it is running on genuine AMD hardware. For more information, see Attest an Amazon EC2 instance with AMD SEV-SNP.
- Memory encryption – Starting with AMD EPYC (Milan), AWS Graviton2, and Intel Xeon Scalable (Ice Lake) processors, instance memory is always encrypted.
You can use AMD SEV-SNP with Dedicated Hosts or with shared tenancy.
Concepts and terminology
Before you begin using AMD SEV-SNP, ensure that you are familiar with the following concepts and terminology.
AMD SEV-SNP attestation report
The AMD SEV-SNP attestation report is a document that an instance can request from the CPU. The AMD SEV-SNP attestation report can be used to validate the state and identity of an instance, and to verify that it is running in a sanctioned AMD environment. The report includes a launch measurement, which is a cryptographic hash of the initial boot state of an instance, including its initial instance memory contents and initial state of the vCPUs. The AMD SEV-SNP attestation report is signed with either a VCEK signature (on Dedicated Hosts) or a VLEK signature (on shared tenancy) that chains back to an AMD root of trust.
VCEK
The Versioned Chip Endorsement Key (VCEK) is a per-chip signing key that is certified by AMD and used by the AMD CPU to sign the AMD SEV-SNP attestation reports on Dedicated Hosts. VCEK signatures can be validated using certificates provided by AMD.
VLEK
The Versioned Loaded Endorsement Key (VLEK) is a versioned signing key that is certified by AMD and used by the AMD CPU to sign the AMD SEV-SNP attestation reports on shared tenancy. VLEK signatures can be validated using certificates provided by AMD.
OVMF binary
The Open Virtual Machine Firmware (OVMF) is the early-boot code that is used to provide a UEFI environment for the instance. The early-boot code is run before the code in the AMI is booted. The OVMF also finds and runs the boot loader provided in the AMI. For more information, see the OVMF repository.
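The verification flow that the attestation report, VCEK and VLEK entries above describe (chain the endorsement certificate back to the AMD root of trust, check the report signature, then compare the launch measurement against a known-good value), as an added example in Go. This is not code from AWS or AMD and it does not reproduce the real report layout: it assumes locally generated, constructed keys standing in for the AMD root and the endorsement certificate, a simplified report body of measurement || nonce, ECDSA P-384 over SHA-384 as the signature scheme, and the names ConstructedChain, SignReport and VerifyReport are this example's own. It goes one step beyond the text by also checking that a requester-chosen nonce is echoed back, which is how a relying party tells a fresh report from a replayed one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

const measurementLen = 48 // the SEV-SNP launch measurement is a 48-byte (SHA-384-sized) digest
// Report is a simplified stand-in for an attestation report: a signed body carrying
// the launch measurement plus a requester-chosen nonce (real report layout not reproduced).
type Report struct {
	Body      []byte // measurement || nonce
	Signature []byte // ASN.1 DER ECDSA signature over SHA-384(Body)
}

// newCert generates a P-384 key and issues tmpl for it, signed by signer (self-signed when nil).
func newCert(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// ConstructedChain builds a locally generated chain standing in for the AMD root of trust and a VCEK/VLEK certificate.
func ConstructedChain() (*x509.CertPool, *x509.Certificate, *ecdsa.PrivateKey) {
	now := time.Now()
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-root"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	rootCert, rootKey := newCert(rootTmpl, rootTmpl, nil)
	ekTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "constructed-endorsement-key"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	ek, ekKey := newCert(ekTmpl, rootCert, rootKey)
	roots := x509.NewCertPool()
	roots.AddCert(rootCert)
	return roots, ek, ekKey
}

// SignReport plays the CPU's role: sign measurement||nonce with the endorsement key (ECDSA P-384, SHA-384).
func SignReport(key *ecdsa.PrivateKey, measurement [measurementLen]byte, nonce []byte) (Report, error) {
	body := append(append([]byte{}, measurement[:]...), nonce...)
	digest := sha512.Sum384(body)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return Report{}, err
	}
	return Report{Body: body, Signature: sig}, nil
}

// VerifyReport is the relying party's side: chain the endorsement certificate to the trusted
// root, check the signature, confirm our nonce is echoed back, and accept only an allowlisted measurement.
func VerifyReport(roots *x509.CertPool, ek *x509.Certificate, r Report, nonce []byte, allowed map[string]bool) error {
	// An endorsement certificate carries no server-auth EKU, so do not let Go's default EKU check apply.
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := ek.Verify(opts); err != nil {
		return fmt.Errorf("endorsement certificate does not chain to the trusted root: %w", err)
	}
	pub, ok := ek.PublicKey.(*ecdsa.PublicKey)
	if !ok || pub.Curve != elliptic.P384() {
		return fmt.Errorf("endorsement key is not ECDSA P-384")
	}
	digest := sha512.Sum384(r.Body)
	if !ecdsa.VerifyASN1(pub, digest[:], r.Signature) {
		return fmt.Errorf("report signature is invalid")
	}
	if len(r.Body) < measurementLen || string(r.Body[measurementLen:]) != string(nonce) {
		return fmt.Errorf("nonce mismatch: report is not fresh")
	}
	if m := hex.EncodeToString(r.Body[:measurementLen]); !allowed[m] {
		return fmt.Errorf("launch measurement %s... is not on the allowlist", m[:16])
	}
	return nil
}
```

The order of checks matters: the chain and signature are verified before anything in the body is trusted, so the measurement and nonce are only compared once they are known to come from a key endorsed by the root. The allowlist is keyed by the hex launch measurement, which in practice is the expected hash of the OVMF binary and initial vCPU state for the AMI you launched.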
Requirements
The requirements for AMD SEV-SNP depend on whether you use Dedicated Hosts or shared tenancy.
Requirements for Dedicated Hosts
To use AMD SEV-SNP with Dedicated Hosts, you must meet the following requirements:
- Use one of the following supported instance types:
  - General purpose: m6a.large | m6a.xlarge | m6a.2xlarge | m6a.4xlarge | m6a.8xlarge
  - Compute optimized: c6a.large | c6a.xlarge | c6a.2xlarge | c6a.4xlarge | c6a.8xlarge | c6a.12xlarge | c6a.16xlarge
  - Memory optimized: r6a.large | r6a.xlarge | r6a.2xlarge | r6a.4xlarge
- Allocate a Dedicated Host with AMD SEV-SNP enabled. For more information, see Allocate a Dedicated Host with AMD SEV-SNP.
- Launch your instance in any commercial AWS Region.
- Use an AMI with uefi or uefi-preferred boot mode and an operating system that supports AMD SEV-SNP. For AWS, AMD SEV-SNP is supported on AL2023, RHEL 9.3, SLES 15 SP4, and Ubuntu 23.04 and later.
Requirements for shared tenancy
To use AMD SEV-SNP with shared tenancy, you must meet the following requirements:
- Use one of the following supported instance types:
  - General purpose: m6a.large | m6a.xlarge | m6a.2xlarge | m6a.4xlarge | m6a.8xlarge
  - Compute optimized: c6a.large | c6a.xlarge | c6a.2xlarge | c6a.4xlarge | c6a.8xlarge | c6a.12xlarge | c6a.16xlarge
  - Memory optimized: r6a.large | r6a.xlarge | r6a.2xlarge | r6a.4xlarge
- Launch your instance in a supported AWS Region: US East (Ohio) or Europe (Ireland).
- Use an AMI with uefi or uefi-preferred boot mode and an operating system that supports AMD SEV-SNP. For AWS, AMD SEV-SNP is supported on AL2023, RHEL 9.3, SLES 15 SP4, and Ubuntu 23.04 and later.
Considerations
You can only enable AMD SEV-SNP when you launch an instance. When AMD SEV-SNP is enabled for your instance launch, the following rules apply.
- After it is enabled, AMD SEV-SNP can't be disabled. It remains enabled throughout the instance lifecycle.
- You can only change the instance type to another instance type that supports AMD SEV-SNP.
- Hibernation and Nitro Enclaves aren't supported.
Additional considerations for Dedicated Hosts
The following additional considerations apply when you use AMD SEV-SNP with Dedicated Hosts:
- Firmware updates are applied when you allocate a host. To get the latest firmware, release the existing host and allocate a new one. For more information, see Update firmware on an AMD SEV-SNP Dedicated Host.
- You can launch instances with or without AMD SEV-SNP enabled on a Dedicated Host that has AMD SEV-SNP support.
- Host Resource Groups and Dedicated Host Reservations are supported.
Additional considerations for shared tenancy
The following additional considerations apply when you use AMD SEV-SNP with shared tenancy:
- If the underlying host for your instance is scheduled for maintenance, you'll receive a scheduled event notification 14 days before the event. You must manually stop or restart your instance to move it to a new host.
Pricing
Dedicated Hosts
There is no additional charge for using AMD SEV-SNP on Dedicated Hosts. You pay only the standard Dedicated Host pricing. For more information, see Dedicated Host pricing.
Shared tenancy
When you launch an Amazon EC2 instance with AMD SEV-SNP enabled on shared tenancy, you are charged an additional hourly usage fee that is equivalent to 10 percent of the On-Demand hourly rate.
If you configure a Spot Instance to launch with AMD SEV-SNP enabled on shared tenancy, you are charged an additional hourly usage fee that is equivalent to 10 percent of the On-Demand hourly rate.