Yesterday, AMD announced the new EPYC Milan server processors or the new AMD EPYC™ 7003 series CPUs based on Zen 3 architecture. These new server processors help HPC, cloud, and enterprise customers do faster by delivering the best performance of any server CPU with up to 19% more instructions per clock.
AMD EPYC 7003 Series Processors have up to 64 “Zen 3” cores per processor and introduce new per-core cache memory levels while continuing to offer the PCIe® 4 connectivity class-leading memory bandwidth that defined the EPYC 7002 series CPUs.
While we covered both the performance dominance and why these server processors are called the best in the market, we will be discussing more the new security features introduced. These days, when the whole world has shifted to a work-from-home culture, security is an important aspect that often gets neglected to cause huge loss eventually.
AMD, with each generation, has brought new security features to their EPYC processors that are designed to power the servers that in turn run websites, cloud applications, HPC and every enterprise workloads. So, a CPU, which is the core of the system, needs to be secure from the increasing hackers that intend to steal data in various ways.
The 3rd Gen AMD EPYC processors also include modern security features through AMD Infinity Guard, supporting a new Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP). SEV-SNP expands the existing SEV features on EPYC processors, adding strong memory integrity protection capabilities to prevent malicious hypervisor-based attacks by creating an isolated execution environment.
Here are all the new and existing security features that can be found on new AMD EPYC™ 7003 series CPUs:
AMD Infinity Guard offers the advanced capabilities required to help defend against internal and external threats and keep your data safe with virtually zero impact to system performance.
Secure Encrypted Virtualization helps AMD EPYC™ processors to safeguard privacy and integrity by encrypting each virtual machine with one of up to 509 unique encryption keys known only to the processor. This aids in protecting confidentiality of your data even if a malicious virtual machine finds a way into your virtual machine’s memory, or a compromised hypervisor reaches into a guest virtual machine.
Secure Nested Paging featuring on the new 3rd Gen AMD EPYC™ processors adds strong memory integrity protection capabilities to help prevent malicious hypervisor based attacks like data replay, memory re-mapping, and more in order to create an isolated execution environment.
Secure Memory Encryption (SME) helps protect against attacks on the integrity of main memory (such as cold-boot attacks) because it encrypts the data. High-performance encryption engines integrated into the memory channels help speed performance. All of this is accomplished without modifications to your application software.
AMD Shadow Stack has been introduced with AMD EPYC™ 7003 series CPUs, it provides hardware-enforced stack protection capabilities to help guard against malware attacks. This security feature addresses threat vectors such as return-oriented programming attacks. It helps by keeping a record of the return addresses so a comparison can be made to ensure integrity is not compromised. In addition, AMD Shadow Stack enables Microsoft® hardware-enforced stack protection.
AMD Secure Boot use an embedded AMD Security Processor as a root of trust. With AMD Secure Boot, the secure processor validates that the BIOS booted without corruption. In virtualized environments, it can also be used to cryptographically verify the software stack loaded on a cloud server.
Know more here.
