Confidential computing with AMD SEV-SNP

If you have one of our AMD EPYC VPS plans, you can enable AMD SEV-SNP to fully encrypt your virtual machine’s memory and CPU registers at the hardware level. This means not even the hypervisor or host operating system can read your VM’s data while it’s running — closing the last major gap in cloud security and enabling confidential computing.

In this post we’ll walk through the three steps to a fully confidential VPS: enabling SEV-SNP, attesting the chain of trust, and optionally deploying a LUKS-encrypted OS image for full-disk encryption at rest. All three guides are also available individually in our knowledgebase.

What is SEV-SNP and why should you care?

AMD SEV-SNP (Secure Encrypted Virtualization – Secure Nested Paging) is a hardware feature built into AMD EPYC processors. It encrypts each virtual machine’s memory with a unique AES key managed by the AMD Platform Security Processor — a dedicated chip on the CPU die. The hypervisor never has access to these keys, so even a compromised host cannot read your VM’s RAM.

On top of memory encryption, SEV-SNP also encrypts CPU register state on every context switch, and provides remote attestation so you can cryptographically verify the chain of trust from AMD’s root certificate down to your specific VM.

The trade-off is roughly a 10% CPU performance hit. In our Geekbench 6 tests, single-core scores dropped from about 1900 to 1700 points. For security-sensitive workloads — financial data, healthcare, GDPR-regulated PII, cryptographic key management, AI model inference — this is well worth it.

Enabling SEV-SNP

This works on Ubuntu 24.04/Debian 13 or AlmaLinux/RHEL/Rocky 10 and later. Other distributions may work but are untested.

First, power off your VPS from the control panel. Then go to Options → Settings and change the firmware to UEFI. The system will automatically add the SEV-SNP configuration to the QEMU virtual machine. Click Boot to restart.

Once your VPS is back up, SSH in and verify that SEV-SNP is active:

dmesg | grep -i sev

You should see kernel messages confirming SEV-SNP is detected and enabled. That’s it — your VM’s memory and register state are now fully encrypted. The full step-by-step with screenshots is in the knowledgebase article.

Attesting the chain of trust

Encryption without verification means you’re trusting the provider’s word that SEV-SNP is actually running. Remote attestation fixes this — it gives you cryptographic proof that your VM is on genuine AMD hardware with the firmware you expect.

We use the open-source snpguest tool from the Virtee project. First, install Rust and build it:

# Install Rust (press Enter for defaults)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source "$HOME/.cargo/env"

# Clone and build snpguest
git clone https://github.com/virtee/snpguest
cd snpguest
cargo build -r
cp ./target/release/snpguest /usr/local/bin

Make sure the sev-guest kernel module is loaded (on Ubuntu 24.04 you may need the linux-modules-extra package). Then run the attestation:

snpguest report report.bin request.bin --random
snpguest fetch vcek pem ./certs/ report.bin
snpguest fetch ca pem ./certs/ Milan
snpguest verify certs ./certs/
snpguest verify attestation ./certs/ report.bin

If everything passes, your VPS encryption is fully attested. This confirms the memory encryption keys were generated by AMD’s hardware security processor and no tampered hypervisor is in play. More details in the attestation knowledgebase article.
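The snpguest commands above verify the signature chain from AMD's root down to the VCEK, but they do not check that report.bin was produced for the 64-byte nonce snpguest wrote into request.bin, or that the guest policy forbids debug access. As an added example (not code from the post or from the snpguest project), this small Python checker pulls those fields out of the raw report using the field offsets from AMD's SEV-SNP firmware ABI attestation report layout and flags the problems a verifier should still care about; constructed_report builds an unsigned dummy report so it runs offline.

```python
import struct

REPORT_LEN = 0x4A0  # ATTESTATION_REPORT is 1184 bytes (AMD SEV-SNP firmware ABI)


def parse_report(blob):
    """Pull the fields a verifier cares about out of a raw report.bin."""
    if len(blob) != REPORT_LEN:
        raise ValueError(f"unexpected report length {len(blob)}")
    version, _guest_svn, policy = struct.unpack_from("<IIQ", blob, 0x000)
    vmpl = struct.unpack_from("<I", blob, 0x030)[0]
    tcb = struct.unpack_from("<Q", blob, 0x180)[0]  # REPORTED_TCB
    return {
        "version": version,
        "debug": bool(policy >> 19 & 1),          # POLICY.DEBUG bit
        "vmpl": vmpl,
        "report_data": blob[0x050:0x090],         # 64-byte nonce echo
        "measurement": blob[0x090:0x0C0],         # 48-byte launch digest
        "chip_id": blob[0x1A0:0x1E0],
        "tcb": {"boot_loader": tcb & 0xFF, "tee": tcb >> 8 & 0xFF,
                "snp": tcb >> 48 & 0xFF, "microcode": tcb >> 56 & 0xFF},
    }


def check_report(blob, nonce, expected_measurement=None):
    """Checks that signature verification alone does not cover."""
    r = parse_report(blob)
    problems = []
    if r["report_data"] != nonce:
        problems.append("REPORT_DATA does not echo our nonce (stale or replayed report)")
    if r["debug"]:
        problems.append("guest policy allows hypervisor debug access")
    if r["vmpl"] != 0:
        problems.append(f"report came from VMPL {r['vmpl']}, expected 0")
    if expected_measurement is not None and r["measurement"] != expected_measurement:
        problems.append("launch measurement differs from the expected firmware")
    return problems


def constructed_report(nonce, debug=False):
    """Build a fake, unsigned report.bin for offline testing only (constructed sample)."""
    buf = bytearray(REPORT_LEN)
    policy = 0x30000 | (1 << 19 if debug else 0)  # SMT allowed, reserved bit 17 set
    struct.pack_into("<IIQ", buf, 0x000, 2, 0, policy)  # VERSION 2, GUEST_SVN 0
    buf[0x050:0x090] = nonce
    buf[0x090:0x0C0] = b"\x11" * 48                     # dummy measurement
    struct.pack_into("<Q", buf, 0x180, 0x1408_0000_0000_0003)  # dummy TCB
    return bytes(buf)
```

On a real VPS, call check_report with the contents of report.bin and request.bin from the snpguest run above; an empty list means the nonce, policy and VMPL checks passed.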

Deploying a LUKS-encrypted OS image

SEV-SNP protects data in memory. For data at rest, you’ll want LUKS full-disk encryption. We provide a tool that creates a LUKS-encrypted, UEFI-bootable Linux image you can deploy to your VPS.

You’ll need a Linux system or WSL2 on Windows 11. Download the image creation tool from the knowledgebase, extract it, and run the dependency checker:

python3 check_deps.py

Then switch to root (loop devices are needed) and build your image:

export ROOT_PASSWORD="your-root-password"
export LUKS_PASSWORD="your-luks-password"
./create_image.sh --distro debian13 --boot-mode uefi

The --boot-mode uefi flag is required if you want to use SEV-SNP. To deploy, boot your VPS into rescue mode and push the image to the main block device:

cat output.img | ssh root@<rescue-ip> "cat > /dev/sda"

Disable rescue mode and reboot. You’ll need VNC to unlock the LUKS volume on each boot.

Putting it all together

With all three layers in place, your VPS has data encrypted at rest (LUKS), data encrypted in use (SEV-SNP memory and register encryption), and cryptographic proof that no one has tampered with the chain of trust (attestation). This is the same class of technology that major cloud providers offer for confidential VMs, available on our EPYC VPS plans.

If you run into any issues, open a support ticket and we’ll help you get your confidential computing virtual machine set up.
