Performance Overheads of Confidential Virtual Machines.

A Confidential Virtual Machine (CVM) is a virtual machine (VM) whose memory is encrypted using trusted hardware support to prevent unauthorized access to its contents, including by the hypervisor. AMD Secure Encrypted Virtualization (SEV) provides hardware support for CVMs on AMD processors and has been used by several cloud operators to provide trusted execution environments to cloud users. In this paper, we examine the performance overheads of CVMs across three generations of AMD SEV using a number of CPU, memory, and I/O benchmarks. Our findings indicate that CPU -intensive workloads running on a CVM do not experience significant performance difference compared to a non-confidential VM. However, we observe that some workloads that are sensitive to cache/memory latency may experience a performance drop of up to 2.5%. Pure memory-intensive workloads are observed to experience up to 4.3% overhead. Disk I/O from CVMs experiences a significant performance impact when using SEV, with up to a 56% performance penalty. Network I/O, on the other hand, experiences up to a 36% overhead. Workloads with a mix of memory and I/O accesses experience an overhead of up to 14%. Our work complements and extends the existing understanding of the performance of this important and rapidly evolving technology.