Confidential computing is a family of techniques to enhance security and confidentiality for data in use. One technical approach is strong isolation for virtual machines.

AMDs Secure Encrypted Virtualization (SEV) offers several feature sets for isolation of guest virtual machines from an non-trusted host hypervisor and operating system. These feature sets include memory encryption, encryption of guest state including CPU registers and an attestation framework.

In this talk we will explore some of the AMD SEV feature sets. We will describe how to use them to run OpenBSD as both

• a confidential guest VM and
• a host hypervisor providing a confidential execution environment.

Topics covered are CPU feature detection, low level kernel initialization, memory management, virtio(4) device drivers and the virtual machine daemon vmd(8).