blob: 17848791e9c213fc7d250d1659adb44d0b994c70 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
Follow the below steps to build and run the SEV-SNP guest. The step below are tested on Ubuntu 20.04 host and guest.
## Build and Install
````
# git clone https://github.com/AMDESE/AMDSEV.git
# git checkout sev-snp-devel
# ./build.sh
# sudo dpkg -ivh linux-image*.deb
# sudo cp kvm.conf /etc/modprobe.d/
````
Reboot the host and choose SNP kernel from the grub menu.
Run the following command to verify that SNP is enabled in the host.
````
# dmesg | grep -i snp
SEV-SNP API:1.28 build:28
SEV supported: 410 ASIDs
SEV-ES supported: 99 ASIDs
SEV-SNP supported: 99 ASIDs
# cat /sys/module/kvm_amd/parameters/sev
1
# cat /sys/module/kvm_amd/parameters/sev_es
1
# cat /sys/module/kvm_amd/parameters/sev_snp
1
````
## Prepare Guest
Boot up the Ubuntu 20.04 guest and install the kernel package built in the previous step.
## Launch SNP Guest
To launch the SNP guest use the launch-qemu.sh script provided in this repository
````
# ./launch-qemu.sh -hda <your_qcow2_file> -sev-snp
````
To launch SNP disabled guest, simply remove the "-sev-snp" from the above command line.
Once the guest is booted, run the following command inside the guest VM to verify that SNP is enabled:
````
$ dmesg | grep -i snp
AMD Memory Encryption Features active: SEV SEV-ES SEV-SNP
````
## Reference
https://developer.amd.com/sev/
|
