Follow the steps below to build and run the SEV-SNP guest. The steps below have been tested on a Fedora 31 host and guest.

## Build and Install

````
# git clone https://github.com/AMDESE/AMDSEV.git
# cd AMDSEV
# git checkout sev-snp-devel
# ./build.sh
# sudo rpm -ivh kernel-*.rpm
# sudo cp kvm.conf /etc/modprobe.d/
````

Edit /etc/default/grub to disable transparent huge pages (THP), e.g. something like this:
````
GRUB_CMDLINE_LINUX= .... transparent_hugepage=never
# grub2-mkconfig
````

Reboot the host and choose the SNP kernel from the GRUB menu.

Run the following command to verify that SNP is enabled in the host.

````
# dmesg | grep -i snp
ccp 0000:42:00.1: snp enabled 
SEV-SNP API:0.31 build:43
SEV-SNP supported: 99 ASIDs

# cat /sys/module/kvm_amd/parameters/sev
1
# cat /sys/module/kvm_amd/parameters/sev_es 
1
# cat /sys/module/kvm_amd/parameters/sev_snp 
1

# cat /sys/kernel/mm/transparent_hugepage/enabled
always madvise [never]

````
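The sysfs checks above can be scripted so that a host is validated before any guest is launched. This is an added example, not part of the AMDSEV repository: the function names, the `SYSFS_ROOT` override and the `--check` argument are assumptions for illustration, and it accepts `Y` as well as `1` on the assumption that some kernels expose these parameters as booleans.

```shell
#!/bin/sh
# Added example (not from the AMDSEV repository): host-side SNP readiness check.
# SYSFS_ROOT is a hypothetical override so the checks can run against a test tree.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# Print the active THP mode, i.e. the bracketed word in "always madvise [never]".
thp_mode() {
    sed -n 's/.*\[\([a-z]*\)\].*/\1/p' \
        "$SYSFS_ROOT/kernel/mm/transparent_hugepage/enabled" 2>/dev/null
}

# Succeed if kvm_amd parameter $1 reads as enabled ("1", or "Y" for bool params).
kvm_amd_param_on() {
    val=$(cat "$SYSFS_ROOT/module/kvm_amd/parameters/$1" 2>/dev/null) || return 1
    case "$val" in
        1|Y|y) return 0 ;;
        *)     return 1 ;;
    esac
}

# Run every check, print one line per check, return the number of failures.
check_snp_host() {
    failures=0
    for p in sev sev_es sev_snp; do
        if kvm_amd_param_on "$p"; then
            echo "ok:   kvm_amd.$p enabled"
        else
            echo "FAIL: kvm_amd.$p not enabled (or kvm_amd not loaded)"
            failures=$((failures + 1))
        fi
    done
    mode=$(thp_mode) || mode=""
    if [ "$mode" = "never" ]; then
        echo "ok:   transparent_hugepage=never"
    else
        echo "FAIL: transparent_hugepage is '${mode:-unknown}', expected 'never'"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_snp_host
    exit $?
fi
```

The script covers only the sysfs values; the `dmesg` lines shown above still need to be inspected separately, since reading the kernel log may require root.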

## Prepare Guest

Boot up the FC31 guest and install the kernel package built in the previous step.

## Launch SNP Guest

To launch the SNP guest, use the launch-qemu.sh script provided in this repository:

````
# ./launch-qemu.sh -hda <your_qcow2_file> -sev-snp
````

To launch a guest with SNP disabled, simply remove "-sev-snp" from the above command line.

Once the guest is booted, run the following command inside the guest VM to verify that SNP is enabled:

````
$ dmesg | grep -i snp
AMD Memory Encryption Features active: SEV SEV-ES SEV-SNP
````

## Reference

https://developer.amd.com/sev/