https://wiggels.dev/tags/sev-snp/Recent content in Sev-Snp on Hunter WigelsworthHugoen-usFri, 05 Jun 2026 00:00:00 +0000https://wiggels.dev/posts/amd-sev-snp-trust-nobody-encrypt-everything/Fri, 05 Jun 2026 00:00:00 +0000https://wiggels.dev/posts/amd-sev-snp-trust-nobody-encrypt-everything/<p>Your cloud provider can read your VM&rsquo;s memory. Full stop. I don&rsquo;t care what their marketing page says. If you&rsquo;re running on standard hardware with standard virtualization, the hypervisor has god-mode access to every byte of your guest&rsquo;s RAM. Your encryption-at-rest doesn&rsquo;t matter. Your TLS doesn&rsquo;t matter. The moment your data is in memory, it&rsquo;s naked and the hypervisor is watching.</p> <p>This is the problem AMD set out to solve with SEV-SNP, and after deploying this stuff in production across multiple clusters, I&rsquo;m going to walk you through exactly how it works — all five generations of it — because understanding the evolution explains <em>why</em> the final product looks the way it does.</p>