I never understood why AMD is not at least making the source of these available. I would actually really like a secure cryptographic processor that's been extensively vetted and trustworthy.
For CPU-bound workloads, pretty low, but not low enough that it's free (~5%).
For devices (especially latency-sensitive workloads), it's quite bad. Device accesses have to be bounce-buffered. You can't do anything vaguely zero copy, since the device can't DMA to or from the VM. Future hardware support will mitigate that (mutually attested VM/Device interactions), but no real-world devices support it yet.
I don't know the performance implications, but the brief description of the feature is that guest memory is encrypted with a key that the host doesn't know, so the host can't observe the contents of guest memory.
Like OpenSIL, AMD could start a long-term project to replace the closed ASP with an open alternative. The industry now has Caliptra (AMD contributes), OpenTitan, TockOS (used by Pluton) and other open hardware and software projects for security enclaves.
> Dr. Lisa Su gave some hope that something would be done when she said she'd discuss things internally as the result of a recent reddit AMA question. Ultimately, though, it turns out that AMD is not opening up the PSP
Which Google will be using in Chromebook for its security chip https://lowrisc.org/news/nuvoton-develops-opentitan-based-se...