With recent fears about security, and given that these processors are aiming to go to the Enterprise space, AMD had to dedicate some time to explaining how secure the new platform is. AMD has had its Secure Processor in several CPUs at this point: a 32-bit ARM Cortex-A5 acting as a microcontroller that runs a secure OS/kernel with secure off-chip storage for firmware and data – this helps provide cryptographic functionality for secure key generation and key management. This starts with hardware validated boot (TPM), but includes Secure Memory Encryption and Secure Encrypted Virtualization.

Encryption starts at the DRAM level, with an AES-128 engine directly attached to the MMU. This is designed to protect against physical memory attacks, with each VM and Hypervisor able to generate a separate key for their environment. The OS or Hypervisor can choose which pages to encrypt via page tables, and the DMA engines can provide support for external devices such as network storage and graphics cards to access encrypted pages.

Because each VM or container can obtain its own encryption key, this isolates them from each other, protecting against cross-contamination. It also allows unencrypted VMs to run alongside encrypted ones, removing the all-or-nothing scenario. The keys are transparent to the VMs themselves, managed by the protected hypervisor. It all integrates with existing AMD-V technology.

Alongside this are direct RAS features in the core, with the L1 data cache using SEC-DED ECC and L2/L3 caches using DEC-TED ECC. The DRAM support involves x4 DRAM device failure correction with addr/cmd parity and write CRC with replay. Data poisoning is handled with reporting and a machine check recovery mode. The Infinity Fabric between dies and between sockets is also link-packet CRC backed with retry.

One element that was not discussed is live VM migration across encrypted environments. We fully suspect that an AMD-to-AMD live migration be feasible, although an AMD-to-Intel or Intel-to-AMD will have issues, given that each microarchitecture has unique implementations of certain commands.

NUMA NUMA: Infinity Fabric Bandwidths Power Management and Performance
POST A COMMENT

129 Comments

View All Comments

  • Gothmoth - Tuesday, June 20, 2017 - link

    but where is room for the ryzen cpus then? when a 16 core server CPU cost only 899$ and TR is significantly cheaper. and if im not wrong there is at least a 12 core TR model too. Reply
  • Bateluer - Tuesday, June 20, 2017 - link

    Plenty of room between $470 and $900 for Threadripper parts, and plenty of room below $470 for us regular joes who can't afford dropping a grand on just the CPU. Reply
  • Gothmoth - Tuesday, June 20, 2017 - link

    "significantly lower".

    and the cheapest epyc server is already a lot less than 900$ ... when we look at the information above.
    Reply
  • Zingam - Wednesday, June 21, 2017 - link

    I'm pretty sure MoBos will be more expensive without consumer features and especially no "Gaming" on the cardbox and no RGB lighting. Reply
  • Jimster480 - Monday, June 26, 2017 - link

    I agree but there is alot of room even between $200 and $50 for CPU's lol.
    Most people don't need an 1800x, nevermind anything above that.

    The average person only needs 4 cores, and most gamers will do fine with a 6C ryzen or the entry level 8C.
    Reply
  • sharath.naik - Monday, July 03, 2017 - link

    From my experience even highly threaded application get bottlenecked due to max single core performance, as the code path will have a single thread part in between the multithread path which becomes a huge bottle neck in these high core count cpus. Intel has a huge advantage here in terms of max turbo for the newer xeons all reaching 4.2 Ghz. But the 1p 32 core for 2000$ right away makes the v4 Xeons obsolete in terms of price to performance. Reply
  • jjj - Tuesday, June 20, 2017 - link

    Dual socket SKUs 32-core CPUs starting at $3400, 24-core from $1850, 16-core from $650, 8-core from $475
    for single socket the 32 cores at 2100$, 24 cores 1075$, 16 cores 750$.

    Server margins are high so no reason for AMD to aim higher that that but they could be more aggressive in consumer.
    Reply
  • rahvin - Wednesday, June 21, 2017 - link

    All they need to be is cheaper per watt than intel for the same or better performance and they'll have massive sales to the cloud companies not even including taking any of the SB market. In other words they don't need to be half the price of Intel. But the hope is that Intel will lower prices on Xeon's and AMD will be forced to lower prices some more.

    Frankly server part pricing is atrocious right now, a little competition from AMD could drive server part pricing down to something reasonable like the last time AMD competed with Opteron.
    Reply
  • IanHagen - Tuesday, June 20, 2017 - link

    I'm really excited with Epyc. I remember Interlagos being released with performance well bellow existing Intel's offerings and now look at this! I can't wait for concrete benchmarks. Reply
  • DanNeely - Tuesday, June 20, 2017 - link

    "Each CPU will support 128 PCIe 3.0 lanes, suitable for six GPUs with full bandwidth support (plus IO) or up to 32 NVMe drives for storage. " Shouldn't this be 8 GPUs or 32 NVMe drives? (Or 7/31 if a Southbridge is connected and eats 4 of the lanes.) Reply

Log in

Don't have an account? Sign up now