by rajeshr 665 days ago
They did publish the source: https://github.com/amd/AMD-ASPFW

This was the PR(!): https://ir.amd.com/news-events/press-releases/detail/1154/am...

I wonder if the reported exploits forced them to publish the source.


That is only the part that allows encrypted virtual machines on EPYC CPUs. The PSP in some form has been on all AMD processors since about 2013/2014.

Encrypted VMs? On EPYC?

What's the performance penalty for that?

In benchmarks from Microsoft Azure and Google Cloud, 1-8% overhead for throughput.

Microsoft Azure: https://community.amd.com/t5/epyc-processors/microsoft-azure...

Google Cloud: https://www.amd.com/content/dam/amd/en/documents/epyc-busine...

For CPU-bound workloads, pretty low, but not low enough that it's free (~5%).

For devices (especially latency-sensitive workloads), it's quite bad. Device accesses have to be bounce-buffered. You can't do anything vaguely zero-copy, since the device can't DMA to or from the VM. Future hardware support will mitigate that (mutually attested VM/device interactions), but no real-world devices support it yet.

I don't know the performance implications, but the brief description of the feature is that guest memory is encrypted with a key that the host doesn't know, so the host can't observe the contents of guest memory.