With recent fears about security, and given that these processors are aimed at the enterprise space, AMD had to dedicate some time to explaining how secure the new platform is. AMD has had its Secure Processor in several CPUs at this point: a 32-bit ARM Cortex-A5 acting as a microcontroller that runs a secure OS/kernel with secure off-chip storage for firmware and data. This helps provide cryptographic functionality for secure key generation and key management. The security story starts with hardware validated boot (TPM), but also includes Secure Memory Encryption and Secure Encrypted Virtualization.

Encryption starts at the DRAM level, with an AES-128 engine directly attached to the MMU. This is designed to protect against physical memory attacks, with each VM and Hypervisor able to generate a separate key for their environment. The OS or Hypervisor can choose which pages to encrypt via page tables, and the DMA engines can provide support for external devices such as network storage and graphics cards to access encrypted pages.

Because each VM or container can obtain its own encryption key, this isolates them from each other, protecting against cross-contamination. It also allows unencrypted VMs to run alongside encrypted ones, removing the all-or-nothing scenario. The keys are transparent to the VMs themselves, managed by the protected hypervisor. It all integrates with existing AMD-V technology.
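The page-table selection of encrypted pages described above can be checked on a running system. The following is an added example, not code from AMD or from this article: it decodes CPUID leaf 0x8000001F, where AMD processors report SME/SEV support and the position of the page-table "C-bit" that marks a page as encrypted, then sets that bit on a sample page-table entry. The leaf layout is not given in the article, and the fallback register values and the sample entry are constructed.

```c
/* Added example: decode AMD CPUID leaf 0x8000001F (memory encryption
 * capabilities) and apply the C-bit to a page-table entry. */
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

struct mem_enc_caps {
    int sme;                 /* EAX bit 0: Secure Memory Encryption */
    int sev;                 /* EAX bit 1: Secure Encrypted Virtualization */
    unsigned cbit_pos;       /* EBX[5:0]: PTE bit that marks a page encrypted */
    unsigned phys_reduction; /* EBX[11:6]: physical address bits given up */
    unsigned max_enc_guests; /* ECX: encrypted guests supported at once */
};

static struct mem_enc_caps decode_mem_enc(uint32_t eax, uint32_t ebx, uint32_t ecx)
{
    struct mem_enc_caps c;
    c.sme = (int)(eax & 1u);
    c.sev = (int)((eax >> 1) & 1u);
    c.cbit_pos = ebx & 0x3fu;
    c.phys_reduction = (ebx >> 6) & 0x3fu;
    c.max_enc_guests = ecx;
    return c;
}

/* Set or clear the encryption bit in a 64-bit page-table entry. */
static uint64_t pte_set_encrypted(uint64_t pte, unsigned cbit_pos, int on)
{
    uint64_t mask = 1ULL << cbit_pos;
    return on ? (pte | mask) : (pte & ~mask);
}

static int pte_is_encrypted(uint64_t pte, unsigned cbit_pos)
{
    return (int)((pte >> cbit_pos) & 1u);
}

int main(void)
{
    /* Constructed fallback values, used when the leaf is not available. */
    unsigned eax = 0x0000000f, ebx = 0x0000016f, ecx = 15, edx = 0;
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    if (__get_cpuid(0x8000001F, &a, &b, &c, &d)) { eax = a; ebx = b; ecx = c; edx = d; }
#endif
    (void)edx;
    struct mem_enc_caps caps = decode_mem_enc(eax, ebx, ecx);
    printf("SME=%d SEV=%d C-bit=%u addr-bits-lost=%u max-guests=%u\n", caps.sme,
           caps.sev, caps.cbit_pos, caps.phys_reduction, caps.max_enc_guests);
    uint64_t pte = 0x0000000012345067ULL; /* constructed sample entry */
    uint64_t enc = pte_set_encrypted(pte, caps.cbit_pos, 1);
    printf("PTE 0x%016llx -> 0x%016llx (encrypted=%d)\n", (unsigned long long)pte,
           (unsigned long long)enc, pte_is_encrypted(enc, caps.cbit_pos));
    return 0;
}
```

A CPUID bit only shows that the silicon has the feature; whether firmware and the OS or hypervisor have actually enabled encryption has to be confirmed separately.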

Alongside this are direct RAS features in the core, with the L1 data cache using SEC-DED ECC and L2/L3 caches using DEC-TED ECC. The DRAM support involves x4 DRAM device failure correction with addr/cmd parity and write CRC with replay. Data poisoning is handled with reporting and a machine check recovery mode. The Infinity Fabric between dies and between sockets is also link-packet CRC backed with retry.

One element that was not discussed is live VM migration across encrypted environments. We fully suspect that an AMD-to-AMD live migration will be feasible, although an AMD-to-Intel or Intel-to-AMD migration will have issues, given that each microarchitecture has unique implementations of certain commands.


130 Comments


  • willis936 - Wednesday, June 21, 2017

    If you have video work, CAD, or MATLAB related things to do then the extra cores, memory bandwidth, and depending on how much you're dumping on co processors, even the PCIe lanes would be helpful.
  • Drumsticks - Tuesday, June 20, 2017

    ...Wow. THAT is an impressive comeback.
  • msroadkill612 - Wednesday, June 21, 2017

    AMD have gone from love forty, to advantage server.
  • willis936 - Wednesday, June 21, 2017

    How many wallets will be aced?
  • Gothmoth - Tuesday, June 20, 2017

    can someone look at the endnotes and tell me if the intel benchmark reduction is true or not....
  • Gothmoth - Tuesday, June 20, 2017

    i can't do it myself i am on my phone with shitty connection....
  • fanofanand - Tuesday, June 20, 2017

    I cannot find a single statement confirming your concerns. I'm not sure where you heard it, but it appears to be inaccurate.
  • Gothmoth - Tuesday, June 20, 2017

    tomshardware:

    AMD provided some basic benchmarks, seen in the slides above, that compare its processors to the nearest Intel comparables. The price and performance breakdown chart is perhaps the most interesting, as it indicates much higher performance (as measured by SPECint_rate_base2006), at every price point. It bears mentioning that Intel publicly posts its SPEC benchmark data, and AMD's endnotes indicates that it reduced the scores used for these calculations by 46%. AMD justified this adjustment because they feel the Intel C++ compiler provides an unfair advantage in the benchmark. There is a notable advantage to the compiler, but most predict it is in the 20% range, so AMD's adjustments appear aggressive. We should take these price and performance comparisons with the necessary skepticism and instead rely upon third-party data as it emerges
    ......
  • nevcairiel - Tuesday, June 20, 2017

    That seems like a stupid reason to reduce anything. At the end of the day, what matters is how fast shit runs, if software is more optimized for one platform that is a valid point of data to include into any conclusion.
  • Gothmoth - Tuesday, June 20, 2017

    except when you want to sell your product. :-)

    well i am waiting for third party benchmarks and real reviews.
