Microsoft And AMD Partner On Confidential Computing Evolution

Microsoft Azure is the first major cloud provider to provide confidential virtual machines on the new AMD EPYC 7003 series processors.

Recently, Microsoft announced that it is further broadening the confidential computing options available to Azure customers through its technology partnership with AMD.

The company is now the first major cloud provider to provide confidential virtual machines on the new AMD EPYC 7003 series processors. This partnership complements existing Azure confidential computing solutions like confidential containers for Azure Kubernetes Service and opens the possibility to create new confidential applications without requiring code modifications.

The solution includes the advanced security feature called Secure Encrypted Virtualization-Secure Nested Paging ("SEV-SNP"). SEV-SNP protects virtual machines by creating a trusted execution environment, and it has been substantially enhanced in the 3rd Gen AMD EPYC processor.

Source: Microsoft

These AMD EPYC CPU-powered Azure VMs are fully encrypted at runtime, fulfilling the promise of confidential computing by protecting your data even when it is in use. The encryption keys used for VM encryption are generated by a dedicated secure processor on the EPYC CPU. This means that no one, not even cloud administrators in the VMs, can get access to these encryption keys.

Microsoft said that you can now deliver confidential workloads on Azure with the broadest choice of hardware as well as resources spanning VMs, containers, SQL, and beyond. 
 
Azure also provides a set of important services, including the Azure Attestation service and trusted launch, to further help customers. The Azure Attestation service collects information and evidence that the hardware environment is in a good state and then gives a cryptographic signal to Azure Key Vault to securely create the decryption key for the VM image.

For additional details, you can visit the official announcement here.