After two years of development and sixteen revisions, AMD's Secure TSC (Time Stamp Counter) feature appears ready for integration into the Linux kernel mainline, likely arriving with version 6.14.
The feature, initially proposed in January 2023, enables secure timestamp counter access for virtual machines running on AMD EPYC 7003 "Milan" and newer server processors with SEV-SNP (Secure Encrypted Virtualization-Secure Nested Paging) capabilities.
Secure TSC allows virtual machines to safely use RDTSC and RDTSCP instructions while preventing hypervisor manipulation of timestamp parameters after guest launch. During the boot process, virtual machines communicate with AMD's Platform Security Processor (PSP) through encrypted channels to obtain timestamp information.
The implementation uses AES-256 GCM encryption for the guest-to-PSP messages, with the hypervisor serving only as a conduit that relays the encrypted messages without being able to read or alter them. This design keeps the TSC parameters outside the hypervisor's control while still allowing the hypervisor to perform its normal role in guest setup.
The latest version (v16) of the patches has been added to the x86/sev branch of the tip/tip.git repository, suggesting its readiness for the upcoming Linux 6.14 merge window.
While the kernel patches represent a major step forward, full functionality will require additional changes to both the Linux Kernel-based Virtual Machine (KVM) and QEMU virtualization software. These complementary patches are still in development and will need to be integrated separately.
The completion of this long-running development effort will provide enhanced security features for enterprise virtualization environments using modern AMD EPYC processors.