diff --git a/nova/conf/libvirt.py b/nova/conf/libvirt.py index 4098f618611d..a7a9ee4a386c 100644 --- a/nova/conf/libvirt.py +++ b/nova/conf/libvirt.py @@ -518,7 +518,7 @@ Related options: cfg.ListOpt( 'cpu_model_extra_flags', item_type=types.String( - choices=['pcid', 'ssbd', 'virt-ssbd'], + choices=['pcid', 'ssbd', 'virt-ssbd', 'amd-ssbd', 'amd-no-ssb'], ignore_case=True, ), default=[], @@ -534,11 +534,11 @@ virtual CPU model:: cpu_model_extra_flags = pcid Currently, the choice is restricted to a few options: ``pcid``, -``ssbd``, and ``virt-ssbd`` (the options are case-insensitive, so -``PCID`` is also valid, for example). These flags are now required to -address the guest performance degradation as a result of applying the -"Meltdown" CVE fixes (``pcid``) and exposure mitigation (``ssbd`` and -``virt-ssbd``) on affected CPU models. +``ssbd``, ``virt-ssbd``, ``amd-ssbd``, and ``amd-no-ssb`` (the options +are case-insensitive, so ``PCID`` is also valid, for example). These +flags are now required to address the guest performance degradation as +a result of applying the "Meltdown" CVE fixes (``pcid``) and exposure +mitigation (``ssbd`` and related options) on affected CPU models. Note that when using this config attribute to set the 'PCID' and related CPU flags, not all virtual (i.e. libvirt / QEMU) CPU models @@ -552,13 +552,15 @@ need it: even if the host CPUs by the same name include it. I.e. 'PCID' needs to be explicitly specified when using the said virtual CPU models. -For more information about ``ssbd`` and ``virt-ssbd`` applicability, +For more information about ``ssbd`` and related options, please refer to the following security updates: https://www.us-cert.gov/ncas/alerts/TA18-141A https://www.redhat.com/archives/libvir-list/2018-May/msg01562.html +https://www.redhat.com/archives/libvir-list/2018-June/msg01111.html + For now, the ``cpu_model_extra_flags`` config attribute is valid only in combination with ``cpu_mode`` + ``cpu_model`` options. 
diff --git a/releasenotes/notes/libvirt-cpu-model-extra-flags-amd-ssbd-1c0d0cec14073dec.yaml b/releasenotes/notes/libvirt-cpu-model-extra-flags-amd-ssbd-1c0d0cec14073dec.yaml new file mode 100644 index 000000000000..5d8e9d54edc2 --- /dev/null +++ b/releasenotes/notes/libvirt-cpu-model-extra-flags-amd-ssbd-1c0d0cec14073dec.yaml @@ -0,0 +1,8 @@ +--- +security: + - | + The 'AMD-SSBD' and 'AMD-NO-SSB' flags have been added to the list of available + choices for the ``[libvirt]/cpu_model_extra_flags`` config option. These are + important for proper mitigation of security issues in AMD CPUs. For more + information see + https://www.redhat.com/archives/libvir-list/2018-June/msg01111.html \ No newline at end of file
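Review bot: in the first nova/conf/libvirt.py hunk, the enumerated values in `choices=['pcid', 'ssbd', 'virt-ssbd', 'amd-ssbd', 'amd-no-ssb']` are repeated by hand in the help text of the following hunk ("Currently, the choice is restricted to a few options: ``pcid``, ``ssbd``, ``virt-ssbd``, ``amd-ssbd``, and ``amd-no-ssb``"). Since this is the second time the two lists have had to be edited in lockstep, consider building the sentence from the same list object (or at least placing a comment next to `choices` reminding the next contributor to update the help text), so the operator-facing documentation cannot silently drift from what the validator actually accepts.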
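Review bot: in the second nova/conf/libvirt.py hunk, the new wording "exposure mitigation (``ssbd`` and related options)" drops the only guidance an operator had on when each flag applies, and the surrounding sentence still groups all of them under "required to address the guest performance degradation", which is the rationale for ``pcid``, not for the SSBD family. Suggest splitting the sentence: state that ``pcid`` addresses the Meltdown-related performance loss, and that ``ssbd``, ``virt-ssbd``, ``amd-ssbd`` and ``amd-no-ssb`` expose mitigation state to the guest, with a short clause saying which of them are the AMD-specific variants (the release note already says these two "are important for proper mitigation of security issues in AMD CPUs", so the same fact belongs in the config help that operators actually read).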
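Review bot: the release note file ends with "\ No newline at end of file"; please add the trailing newline before merging. Two smaller consistency points in the same hunk: the flags are written as 'AMD-SSBD' and 'AMD-NO-SSB' in single quotes and upper case, whereas the config help and the `choices` list use lower-case ``amd-ssbd`` / ``amd-no-ssb`` in double backticks (accepted either way because of `ignore_case=True`, but the note should match the documented spelling), and "security issues in AMD CPUs" is vague for a note filed under `security:`; naming the vulnerability class the flags mitigate, as the linked TA18-141A alert and libvir-list thread do, would let operators decide whether the change affects them without following the link.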