Follow the steps below to build and run the SEV-SNP guest. The steps were tested on a Fedora 31 host and guest.
## Build and Install
````
# git clone https://github.com/AMDESE/AMDSEV.git
# cd AMDSEV
# git checkout sev-snp-devel
# ./build.sh
# sudo rpm -ivh kernel-*.rpm
# sudo cp kvm.conf /etc/modprobe.d/
````
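Edit /etc/default/grub to disable transparent huge pages (THP), then regenerate the GRUB configuration (on UEFI hosts the output file is /boot/efi/EFI/fedora/grub.cfg instead), for example:
````
GRUB_CMDLINE_LINUX= .... transparent_hugepage=never
# grub2-mkconfig -o /boot/grub2/grub.cfg
````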
Reboot the host and choose the SNP kernel from the GRUB menu.
Run the following command to verify that SNP is enabled in the host.
````
# dmesg | grep -i rmp
SVM: SNP: RMP physical range 0x0000000098500000 - 0x00000000a89fffff
SVM: SNP: RMP table 0xffffa07000000000+0x104fffff
SVM: SNP: SYSCFG MEM_ENCRYPT: enabled SNP_EN: enabled VMPL_EN: enabled RMP_BASE: 0x98500000 RMP_END: 0xa89fffff
SVM: SNP: rmp setup completed!
# cat /sys/module/kvm_amd/parameters/sev
1
# cat /sys/module/kvm_amd/parameters/sev_es
1
# cat /sys/module/kvm_amd/parameters/sev_snp
1
# cat /sys/kernel/mm/transparent_hugepage/enabled
always madvise [never]
````
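The host checks above can be scripted so that a missing prerequisite fails loudly before any guest is launched. This is an added example, not part of the AMDSEV repository; the function names and the ROOT/DMESG_FILE arguments are hypothetical, and the sample tree is constructed from the values shown on this page.

```shell
# Added example: host-side SNP readiness check. ROOT and DMESG_FILE are
# hypothetical arguments so it can run against a constructed tree.

# Print the active (bracketed) THP mode, e.g. "never" from "always madvise [never]".
thp_mode() {
    sed -n 's/.*\[\([a-z]*\)\].*/\1/p' \
        "$1/sys/kernel/mm/transparent_hugepage/enabled" 2>/dev/null
}

# Succeed if kvm_amd parameter $2 is on. "1" is what this page shows; "Y" is
# also accepted, assuming a kernel that exposes the parameter as a boolean.
kvm_amd_on() {
    val=$(cat "$1/sys/module/kvm_amd/parameters/$2" 2>/dev/null) || return 1
    [ "$val" = 1 ] || [ "$val" = Y ]
}

# snp_host_check [ROOT] [DMESG_FILE]: one line per check, returns 1 on any failure.
snp_host_check() {
    root=${1:-} fail=0
    if [ -n "${2:-}" ]; then log=$(cat "$2") || log=
    else log=$(dmesg 2>/dev/null) || log=; fi
    if printf '%s\n' "$log" | grep -qi 'SNP: rmp setup completed'; then
        echo "ok   RMP table set up"
    else echo "FAIL no 'rmp setup completed' line in kernel log"; fail=1; fi
    for p in sev sev_es sev_snp; do
        if kvm_amd_on "$root" "$p"; then echo "ok   kvm_amd $p enabled"
        else echo "FAIL kvm_amd $p is off or kvm_amd is not loaded"; fail=1; fi
    done
    mode=$(thp_mode "$root") || mode=
    if [ "$mode" = never ]; then echo "ok   transparent_hugepage=never"
    else echo "FAIL THP mode is '${mode:-unknown}', expected 'never'"; fail=1; fi
    return "$fail"
}

# Build a constructed sysfs tree and kernel log in DIR, using this page's values.
make_sample_tree() {
    mkdir -p "$1/sys/module/kvm_amd/parameters" "$1/sys/kernel/mm/transparent_hugepage"
    for p in sev sev_es sev_snp; do echo 1 > "$1/sys/module/kvm_amd/parameters/$p"; done
    echo 'always madvise [never]' > "$1/sys/kernel/mm/transparent_hugepage/enabled"
    echo 'SVM: SNP: rmp setup completed!' > "$1/dmesg.txt"
}

# Demo on constructed data; on a real host run: snp_host_check
demo=$(mktemp -d)
make_sample_tree "$demo"
snp_host_check "$demo" "$demo/dmesg.txt"
rm -rf "$demo"
```

On the host itself, call `snp_host_check` with no arguments as root so that it reads the live /sys tree and `dmesg`.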
## Prepare Guest
Boot up the FC31 guest and install the kernel package built in the previous step.
## Launch SNP Guest
To launch the SNP guest, use the launch-qemu.sh script provided in this repository:
````
# ./launch-qemu.sh -hda <your_qcow2_file> -sev-snp
````
To launch a guest with SNP disabled, simply remove "-sev-snp" from the above command line.
Once the guest is booted, run the following command inside the guest VM to verify that SNP is enabled:
````
$ dmesg | grep -i snp
AMD Secure Nested Paging (SEV-SNP) active
````
## Reference
https://developer.amd.com/sev/