The purpose of this repository is to provide a unified framework for testing and certifying operating system support for AMD Secure Encrypted Virtualization (SEV) features. These are hardware-enabled security features that provide confidentiality and integrity of VM memory through per-VM encryption keys. Self-service tools are provided to run a series of certification tests using an AMD EPYC server, allowing for any user/organization to verify SEV support on a particular OS.
Note: Currently only linux distributions supported by mkosi are compatible with this framework.
This table contains operating systems that have undergone certification testing for AMD features through this repository.
| OS | Status | EPYC 7003 | EPYC 9004 | EPYC 8005 | EPYC 9005 |
|---|---|---|---|---|---|
| CentOS 10 | ✅ | c3.0.0-0 | |||
| Debian 13 | ❌ | N/A | |||
| Debian Forky | ✅ | c3.0.0-0 | |||
| Fedora 41 | ✅ | c3.0.0-0 | |||
| Rocky 10.1 | ✅ | c3.0.0-0 | |||
| Ubuntu 25.04 | ✅ | c3.0.0-0 | |||
| Ubuntu 25.10 | ✅ | c3.0.0-0 |
✅ Latest Level Certified
❌ Latest Level Not Certified
See Certificate Level Definitions for the features certified at each level.
Users/Organizations may target their own SEV-enabled EPYC server for self-service certification runs. Follow our guide on running an automated certification test here.
Each certification run automatically creates a GitHub Issue containing the results and assigning a certification level. Issues are tagged by OS and SEV feature to facilitate searching and tracking.
Host and Guest images are constructed in GitHub Workflows via mkosi. Host images are designed to be booted on a SEV-enabled EPYC server, and are configured with a series of tests in the form of custom systemd services that will run on an embedded guest image. The resulting host and guest images are available in GitHub releases.