author Brijesh Singh <brijesh.singh@amd.com> 2018-08-01 11:58:33 -0500
committer Brijesh Singh <brijesh.singh@amd.com> 2018-08-01 11:58:33 -0500
commit 0af9aded6cbe5cb6d149bcc386cd1688ee2df6bf (patch)
tree 295658fbe9a3052ffed07d30c320d2237053037f
parent 88463265889d4b4fa26fa3dc38dba6f0b888b76a (diff)
update README
-rw-r--r-- README.md 92
1 files changed, 71 insertions, 21 deletions
diff --git a/README.md b/README.md
index 91c60e4..31d99c0 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,21 @@
+# Table of contents
+* [ Introduction ](#intro)
+* [ SLES-15 ](#sles-15)
+ * [ Prepare Host OS ](#sles-15-host)
+ * [ Prepare VM ](#sles-15-prep-vm)
+ * [ Launch SEV VM ](#sles-15-launch-vm)
+* [ Fedora-28 ](#fc-28)
+ * [ Prepare Host OS ](#fc-28-host)
+ * [ Prepare VM ](#fc-28-prep-vm)
+ * [ Launch SEV VM ](#fc-28-launch-vm)
+* [ Ubuntu-18.04 ](#ubuntu18)
+ * [ Prepare Host OS ](#ubuntu18-host)
+ * [ Prepare VM ](#ubuntu18-prep-vm)
+ * [ Launch SEV VM ](#ubuntu18-launch-vm)
+ * [ Additional resources ](#resources)
+
+
+<a name="intro"></a>
# Secure Encrypted Virtualization (SEV)
SEV is an extension to the AMD-V architecture which supports running encrypted
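Review bot: the last TOC entry, `* [ Additional resources ](#resources)`, is indented as a child of Ubuntu-18.04, but the section this patch adds at the end of the file is a top-level `# Additional Resources` heading, so the entry should move out to the top level. The link labels also differ from the headings they point at ("Prepare VM" and "Launch SEV VM" against `### Prepare VM image` and `### Launch VM`, "Ubuntu-18.04" against `## Ubuntu 18.04`); align one with the other.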
@@ -8,37 +26,38 @@ key; if its data is accessed to a different entity using a different key the
encrypted guests data will be incorrectly decrypted, leading to unintelligible
data.
-## Getting Started
-
SEV support has been accepted in upstream projects. This repository provides
scripts to build various components to enable SEV support until the distros
pick the newer version of components.
-To enable the SEV support we need the following versions:
-kernel >= 4.16
-qemu >= 2.15
-libvirt >= 4.5
-ovmf >= commit (75b7aa9528bd 2018-07-06 OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Restore C-bit when SEV is active)
-
-NOTES:
+To enable the SEV support we need the following versions.
-1. Installing newer libvirt may conflict with existing setups hence script does
- not install the newer version of libvirt. If you are interested in launching
- SEV guest through the virsh commands then build and install libvirt 4.5 or
- higher. Use LaunchSecurity tag https://libvirt.org/formatdomain.html#sev for
- creating the SEV enabled guest.
+| Project | Version |
+| ------------- |:------------------------------------:|
+| kernel | >= 4.16 |
+| libvirt | >= 4.5 |
+| qemu | >= 2.12 |
+| ovmf | >= commit (75b7aa9528bd 2018-07-06 ) |
-2. SEV support is not available in SeaBIOS. Guest must use OVMF.
+> * Installing newer libvirt may conflict with existing setups hence script does
+> not install the newer version of libvirt. If you are interested in launching
+> SEV guest through the virsh commands then build and install libvirt 4.5 or
+> higher. Use LaunchSecurity tag https://libvirt.org/formatdomain.html#sev for
+> creating the SEV enabled guest.
+>
+> * SEV support is not available in SeaBIOS. Guest must use OVMF.
+<a name="sles-15"></a>
## SLES-15
SUSE Linux Enterprise Server 15 GA includes the SEV support; we do not need
to compile the sources.
-NOTE: SLES-15 does not contain the updated libvirt packages yet hence we will
+> SLES-15 does not contain the updated libvirt packages yet hence we will
use QEMU command line interface to launch VMs.
+<a name="sles-15-host"></a>
### Prepare Host OS
SEV is not enabled by default, lets enable it through kernel command line:
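Review bot: the version table lowers the qemu minimum from `>= 2.15` to `>= 2.12`, which is a change of substance rather than layout, and the commit message ("update README") does not mention it; state in the message which value is correct. The ovmf row also drops the commit subject that followed the hash and date, leaving `(75b7aa9528bd 2018-07-06 )` with a stray space before the closing parenthesis, so either restore the subject or tidy the cell. In the SLES-15 note only the first line gains the `>` prefix; the continuation line `use QEMU command line interface to launch VMs.` is left unprefixed and should be quoted the same way.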
@@ -62,7 +81,7 @@ Install the qemu launch script
# cd distros/sles-15
# ./build.sh
```
-
+<a name="sles-15-prep-vm"></a>
### Prepare VM image
Create empty virtual disk image
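Review bot: the `<a name="sles-15-prep-vm"></a>` anchor replaces the blank line that separated the closing code fence from `### Prepare VM image`, so the anchor now sits directly against the fence. The other anchors in this patch are added without removing a blank line; keep the blank line here and put the anchor after it. The `ubuntu18-prep-vm` hunk does the same and needs the same fix.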
@@ -82,10 +101,11 @@ copy of VARS.fd.
Download and install sles-15 guest
```
-# launch-qemu.sh -hda sles-15.qcow2 -cdrom SLE-15-Installer-DVD-x86_64-GM-DVD1.iso
+# launch-qemu.sh -hda sles-15.qcow2 -cdrom SLE-15-Installer-DVD-x86_64-GM-DVD1.iso -nosev
```
Follow the screen to complete the guest installation.
+<a name="sles-15-launch-vm"></a>
### Launch VM
Use the following command to launch SEV guest
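Review bot: the install command gains `-nosev`, but the surrounding README text does not say what the flag does or why the guest is installed without SEV, and a reader following an SEV guide will want to know at which step memory encryption is actually in effect. Add a sentence above the command explaining it. The Fedora-28 and Ubuntu install commands are not touched by this patch; confirm whether they need the same flag so the three sections stay consistent.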
@@ -95,10 +115,12 @@ Use the following command to launch SEV guest
```
NOTE: when guest is booting, CTRL-C is mapped to CTRL-], use CTRL-] to stop the guest
+<a name="fc-28"></a>
## Fedora-28
-Fedora-28 includes newer kernel and ovmf packages but has older version qemu.
+Fedora-28 includes newer kernel and ovmf packages but has older qemu. We will need to update the QEMU to launch SEV guest.
+<a name="fc-28-host"></a>
### Prepare Host OS
SEV is not enabled by default, lets enable it through kernel command line:
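Review bot: the new Fedora-28 sentence mixes "qemu" and "QEMU" and reads awkwardly ("update the QEMU to launch SEV guest"); something like "has an older qemu, so we need to update qemu to launch an SEV guest" is clearer. The line is also much longer than the wrapped lines around it; wrap it to match the rest of the file.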
@@ -123,6 +145,7 @@ Build and install newer qemu
# ./build.sh
```
+<a name="fc-28-prep-vm"></a>
### Prepare VM image
Create empty virtual disk image
@@ -146,6 +169,7 @@ Download and install fedora-28 guest
```
Follow the screen to complete the guest installation.
+<a name="fc-28-launch-vm"></a>
### Launch VM
Use the following command to launch SEV guest
@@ -156,12 +180,13 @@ Use the following command to launch SEV guest
NOTE: when guest is booting, CTRL-C is mapped to CTRL-], use CTRL-] to stop the guest
-
+<a name="ubuntu18"></a>
## Ubuntu 18.04
Ubuntu 18.04 does not includes the newer version of components to be used as SEV
hypervisor hence we will build and install newer kernel, qemu, ovmf.
+<a name="ubuntu18-host"></a>
### Prepare Host OS
Build and install newer components
@@ -170,7 +195,7 @@ Build and install newer components
# cd distros/ubuntu-18.04
# ./build.sh
```
-
+<a name="ubuntu18-prep-vm"></a>
### Prepare VM image
Create empty virtual disk image
@@ -194,6 +219,7 @@ Install ubuntu-18.04 guest
```
Follow the screen to complete the guest installation.
+<a name="ubuntu18-launch-vm"></a>
### Launch VM
Use the following command to launch SEV guest
@@ -202,3 +228,27 @@ Use the following command to launch SEV guest
# launch-qemu.sh -hda ubuntu-18.04.qcow2
```
NOTE: when guest is booting, CTRL-C is mapped to CTRL-], use CTRL-] to stop the guest
+
+<a name="resources"></a>
+# Additional Resources
+
+[SME/SEV white paper](http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf)
+
+[SEV API Spec](http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf)
+
+[APM Section 15.34](http://support.amd.com/TechDocs/24593.pdf)
+
+[KVM forum slides](http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf)
+
+[KVM forum videos](https://www.youtube.com/watch?v=RcvQ1xN55Ew)
+
+[Linux kernel](https://elixir.bootlin.com/linux/latest/source/Documentation/virtual/kvm/amd-memory-encryption.rst)
+
+[Linux kernel](https://elixir.bootlin.com/linux/latest/source/Documentation/x86/amd-memory-encryption.txt)
+
+[Libvirt LaunchSecurity tag](https://libvirt.org/formatdomain.html#sev)
+
+[Libvirt SEV domainCap](https://libvirt.org/formatdomaincaps.html#elementsSEV)
+
+[Qemu doc](https://git.qemu.org/?p=qemu.git;a=blob;f=docs/amd-memory-encryption.txt;h=f483795eaafed8409b1e96806ca743354338c9dc;hb=HEAD)
+
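Review bot: two entries in the new resources list share the label "Linux kernel" while pointing at different documents (`Documentation/virtual/kvm/amd-memory-encryption.rst` and `Documentation/x86/amd-memory-encryption.txt`); give them distinct labels, for example "Linux kernel KVM doc" and "Linux kernel x86 doc". The AMD white paper, SEV API spec, APM and KVM forum slides are linked over plain `http://`; use `https://` where the hosts serve it, since these are the reference specifications readers will download. The elixir links track `latest` and will break if the files move, so consider pinning a tagged version. The hunk also ends with an added blank line at end of file that can be dropped.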