As the title suggests we will be getting cpu instruction and ram encryption by 2028, at the very least using ryzen we will have encrypted xen virtualization in a way even dom0 wont be able to infer what is happening in your qubes, lastly and most importantly we should have per-vm isolation in gpus.
I don’t know about ya’ll but I am stacking up my bank account for the next few years, these news are enough for me to drop my old 2012ish laptop and upgrade, just the fact that I can have encrypted qubes is enough for me to have a fever dream, the coming advancements in gpu architecture to pair with that fact is making me spasm from happiness, the only thing that is a splash on cold water to my face is that PSP needs to stay on for all these features to work correctly, at least AFAIK
I think that now I will be buying my first “new” computer since forever, if not for the fact that qubes will be encrypted, now I will also be able to have a dedicated GPU that all qubes will be able to share securely, notably I will be going with AMD since NVIDIA surely is too focused on performance rather then security
Did manual research (no LLM), afaik disabling PSP right now disables most features and can be assumed it will be done in the future architectures as well, on the part about the architecture, this is already “standard” server architecture that AMD has hinted that they will bring into future generations of consumer hardware, judging by the timing of their releases and the features then if not the next generation of zen then the one after but the next 2 generations look like will be released before the end of the decate. On the part about gpus, while it is the feature I am the least sure about both amd and nvidia have at least hinted about confidential execution on their gpus, thats the part I am not fully sure of, basically if not by 2030 then by 2030-2032 it is certain.
I have to dissapoint you I dont keep bookmarks at all since I use whonix most of the time
Edit: I will be really dissapointed if this doesnt happen by 2028-2029 tbh, I have been waiting to buy new hardware since forever but haven’t had a real god reason to do it
My preliminary fast search shows, that first mentions of AMD SME and SEV was in 2016, users have been aroused about it’s Ryzen Pro laptops in 2017-2018 and AMD claims that firmware with it are available to RyzenPro and EPYC only and BIOS of server boards only utilize it. No mentions about Xen.
So, hold your horses.
[edit]
Right now, only EPYC gen3+ utilize fully SEV.
Xen have SME implemented and works on SEV since 2024 so maybe it will be available fully in 4.20
I wasent talking about ryzen pro at all, what I understood by the posts I read was that these server features are going to be brought to consumer hardware not that ryzen pro itself is going to be brought to consumer hardware. In the case of xen, I dont believe that (if indeed this happens) such a great feature arrives into consumer hardware and xen dosn’t add it into their priority list
Edit: these posts are about 2-3 months old i think, you should be able to be able to find them by doing some google dorking and locking the search to the past 6 months, but to be honest I usually use searxng so I am not sure which engine I had used to find these articles but they should be visible in most search engines like duckduckgo and google
we will be getting cpu instruction and ram encryption by 2028, at the
very least using ryzen we will have encrypted xen virtualization in a
way even dom0 wont be able to infer what is happening in your qubes,
lastly and most importantly we should have per-vm isolation in gpus.
Forgive my ignorance, but I sometimes see discussion on Intel’s “Arc slices” of some kind, and now sharing a GPU across VMs. Do any of these developments include passing a GPU without a secondary display, or does that have nothing to do with this topic? I’m struggling to find an article addressing this directly, but it could be me.
