From df90539b9e7ee75c206d5b77d4f1b94882d090c7 Mon Sep 17 00:00:00 2001
From: Louis Burda <quent.burda@gmail.com>
Date: Wed, 1 Feb 2023 16:57:26 -0600
Subject: Add guest provisioning scripts and instructions

---
 qemu/.gitignore       |  7 +++++++
 qemu/cmdline          |  1 +
 qemu/install.sh       | 31 +++++++++++++++++++++++++++++++
 qemu/launch-victim.sh | 31 +++++++++++++++++++++++++++++++
 qemu/launch.sh        | 17 +++++++++++++++++
 5 files changed, 87 insertions(+)
 create mode 100644 qemu/.gitignore
 create mode 100644 qemu/cmdline
 create mode 100755 qemu/install.sh
 create mode 100755 qemu/launch-victim.sh
 create mode 100755 qemu/launch.sh

(limited to 'qemu')

diff --git a/qemu/.gitignore b/qemu/.gitignore
new file mode 100644
index 0000000..3efd592
--- /dev/null
+++ b/qemu/.gitignore
@@ -0,0 +1,7 @@
+monitor
+stdout.log
+*.fd
+*.qcow2
+*.iso
+initrd.img-*
+vmlinuz-*
diff --git a/qemu/cmdline b/qemu/cmdline
new file mode 100644
index 0000000..fb547fd
--- /dev/null
+++ b/qemu/cmdline
@@ -0,0 +1 @@
+BOOT_IMAGE=/boot/vmlinuz-5.19.0-rc6-snp-guest-d9bd54fea4d2 root=UUID=a0bc580b-fe27-4aa9-b795-6bde981ba954 ro quiet
diff --git a/qemu/install.sh b/qemu/install.sh
new file mode 100755
index 0000000..a3740cc
--- /dev/null
+++ b/qemu/install.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -ex
+
+gitroot=$(git rev-parse --show-toplevel)
+cd "$gitroot/qemu"
+
+DISK="debian11.qcow2"
+DEBIANISO="debian-11.4.0-amd64-DVD-1.iso"
+
+if [ ! -e "$DISK" ]; then
+	echo "Creating guest disk.."
+	qemu-img create -f qcow2 "$DISK" 20G
+fi
+
+if [ ! -e "$DEBIANISO" ]; then
+	echo "Downloading debian DVD image.."
+	wget "https://cdimage.debian.org/mirror/cdimage/archive/11.4.0/amd64/iso-dvd/debian-11.4.0-amd64-DVD-1.iso" -O "$DEBIANISO"
+fi
+
+sudo LIBVIRT_DEBUG=1 virsh net-start default 2>&1 | grep -i warning || true
+
+sudo PREFIX="$gitroot/AMDSEV" "$gitroot/AMDSEV/launch-qemu.sh" \
+	-hda "$DISK" \
+	-console serial \
+	-vnc 1 \
+	-mem 2024 \
+	-smp 1,cores=4,threads=2 \
+	-allow-debug \
+	-cdrom "$DEBIANISO"
+
diff --git a/qemu/launch-victim.sh b/qemu/launch-victim.sh
new file mode 100755
index 0000000..80e84ad
--- /dev/null
+++ b/qemu/launch-victim.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -ex
+
+gitroot=$(git rev-parse --show-toplevel)
+cd "$gitroot/qemu"
+
+if [ ! -e cmdline ]; then
+	echo "Missing qemu/cmdline.."
+	exit 1
+fi
+
+if [ ! -e debian11_encrypted.qcow2 ]; then
+	echo "Copying disk.."
+	rsync -a --info=progress2 debian11.qcow2 debian11_encrypted.qcow2
+fi
+
+sudo LIBVIRT_DEBUG=1 virsh net-start default 2>&1 | grep -i warning || true
+
+sudo PREFIX=$gitroot/AMDSEV $gitroot/AMDSEV/launch-qemu.sh \
+	-hda debian11_encrypted.qcow2 \
+	-console serial \
+	-vnc 1 \
+	-mem 2024 \
+	-smp 1,cores=1,threads=1 \
+	-allow-debug \
+	-initrd initrd.img-5.19.0-rc6-snp-guest-d9bd54fea4d2 \
+	-kernel vmlinuz-5.19.0-rc6-snp-guest-d9bd54fea4d2 \
+	-append "$(cat cmdline)" \
+	-sev-snp
+
diff --git a/qemu/launch.sh b/qemu/launch.sh
new file mode 100755
index 0000000..c99e54e
--- /dev/null
+++ b/qemu/launch.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -ex
+
+gitroot=$(git rev-parse --show-toplevel)
+cd "$gitroot/qemu"
+
+sudo LIBVIRT_DEBUG=1 virsh net-start default 2>&1 | grep -i warning || true
+
+sudo PREFIX=$gitroot/AMDSEV $gitroot/AMDSEV/launch-qemu.sh \
+	-hda debian11.qcow2 \
+	-console serial \
+	-vnc 1 \
+	-mem 2024 \
+	-smp 1,cores=4,threads=2 \
+	-allow-debug
+
-- 
cgit v1.2.3-71-gd317