VMware announced support for AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES) in the latest update to its vSphere virtualization platform.
SEV-ES provides hardware-layer encryption of memory and CPU registers and, according to VMware, enhanced security for its customers' environments.
Introduced in 2019 on AMD's second-generation EPYC processors, SEV-ES is part of AMD Infinity Guard, which uses an additional security processor located on the processor die to provide what the chipmaker refers to as a "hardware root of trust."
This security process made its first appearance on AMD's original EPYC processors but was limited to 15 encryption keys. EPYC 2 extends that to more than 500 keys, with one encryption key for the hypervisor and 499 remaining for workloads.
This kind of hardware security has become a concern in the wake of the Spectre and Meltdown vulnerabilities.
“In a virtualized environment, it is critical to have protection of data not only from other virtual machines but the hypervisor itself. This is why we chose to make vSphere 7 the first hypervisor to provide full SEV-ES support from AMD EPYC processors,” Krish Prasad, SVP and GM of VMware's cloud platform business unit, said in a statement.
The additional layer of security means customers can now encrypt data throughout their environment without needing to make changes to their applications, according to Prasad.
AMD's SEV-ES also has advantages beyond ease of implementation, Bob Plankers, technical marketing architect at VMware, explained in a blog post.
"This technology isn't all or nothing," he wrote. "You can enable it for certain workloads, leave it disabled for others, and they can all coexist peacefully. That flexibility means that enabling and deploying this technology can be done at your own pace."
AMD's EPYC 2 processors are already being deployed by several of VMware's OEM partners, including Dell Technologies, Hewlett Packard Enterprise, Lenovo, and Supermicro.