AMD Virtual TPM Driver Merged For Linux 6.16 To Enhance Confidential Computing
[AMD] AMD SEV + vTPM, posted 2 hours ago
- News link: https://www.phoronix.com/news/AMD-SEV-vTPM-Linux-6.16-Merged
The latest upstream Linux kernel improvement for AMD's [1]Secure Encrypted Virtualization "SEV" is the introduction of a virtual TPM driver.
Last month I wrote about [2]the AMD SEV-SNP SVSM vTPM driver being prepped, and this week it was submitted and subsequently merged for Linux 6.16. The [3]x86/sev pull request for Linux 6.16 explains the purpose of this virtual TPM "vTPM" driver:
"Add a virtual TPM driver glue which allows a guest kernel to talk to a TPM device emulated by a Secure VM Service Module (SVSM) - a helper module of sorts which runs at a different privilege level in the SEV-SNP VM stack.
The intent being that a TPM device is emulated by a trusted entity and not by the untrusted host which is the default assumption in the confidential computing scenarios."
It's another step toward a nice Confidential Computing "CoCo" experience on modern AMD EPYC processors with the upstream Linux kernel.
The AMD SNP SVSM vTPM driver comes in at less than 400 lines of new code for Linux 6.16.
[1] https://www.phoronix.com/search/Secure+Encrypted+Virtualization
[2] https://www.phoronix.com/news/Linux-SNP-SVSM-vTPM-Driver-Tip
[3] https://lore.kernel.org/lkml/20250526194634.GAaDTFGr3LAfeGdCxe@fat_crate.local/