From 0bbc787b5ccba3f77268acc060fd50dd4cf95eb1 Mon Sep 17 00:00:00 2001 From: Jo Van Bulck Date: Mon, 12 Feb 2024 19:52:09 +0100 Subject: [PATCH] README: Improve SEV-SNP installation instructions --- README.md | 42 ++++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 9cb9db5224e5..f2ebfabbac95 100644 --- a/README.md +++ b/README.md @@ -38,14 +38,22 @@ Newer SNP host/kernel support now relies on new kernel infrastructure for managi ## Build +First install build dependencies. The following has been tested on Ubuntu 22.04: + +``` +# apt install build-essential ninja-build python-is-python3 flex bison libncurses-dev gawk openssl libssl-dev dkms libelf-dev libudev-dev libpci-dev libiberty-dev autoconf llvm +# sed -i '/deb-src/s/^# //' /etc/apt/sources.list && apt update +# apt build-dep ovmf qemu-system-x86 linux +``` + The following command builds the host and guest Linux kernel, qemu and ovmf bios used for launching SEV-SNP guest. -```` +``` # git clone https://github.com/AMDESE/AMDSEV.git # git checkout snp-latest # ./build.sh --package # sudo cp kvm.conf /etc/modprobe.d/ -```` +``` On succesful build, the binaries will be available in `snp-release-`. ## Prepare Host @@ -73,7 +81,7 @@ Reboot the machine and choose SNP Host kernel from the grub menu. Run the following commands to verify that SNP is enabled in the host. -```` +``` # uname -r 5.19.0-rc6-sev-es-snp+ 
@@ -89,39 +97,45 @@ Y Y # cat /sys/module/kvm_amd/parameters/sev_snp Y - -```` +``` -*NOTE: If your SEV-SNP firmware is older than 1.51, see the "Upgrade SEV firmware" section to upgrade the firmware. * +*NOTE: If your SEV-SNP firmware is older than 1.51, see the "Upgrade SEV firmware" section to upgrade the firmware.* ## Prepare Guest -Note: SNP requires OVMF be used as the guest BIOS in order to boot. This implies that the guest must have been initially installed using OVMF so that a UEFI partition is present. +*Note: SNP requires OVMF be used as the guest BIOS in order to boot. This implies that the guest must have been initially installed using OVMF so that a UEFI partition is present.* If you do not already have an installed guest, you can use the launch-qemu.sh script to create it: -```` +``` +# qemu-img create -f qcow2 30G # ./launch-qemu.sh -hda -cdrom -```` +``` + +*Note: to boot in text-only mode, add `console=ttyS0` to the guest kernel command line when booting in Grub.* + +Boot up a guest (tested with Ubuntu 18.04, 20.04, and 22.04, but any standard *.deb or *.rpm-based distro should work) and install the guest kernel packages built in the previous step. The guest kernel packages are available in 'snp-release-/linux/guest' directory and should be copied (e.g., using SSH) to the guest VM first. -Boot up a guest (tested with Ubuntu 18.04 and 20.04, but any standard *.deb or *.rpm-based distro should work) and install the guest kernel packages built in the previous step. The guest kernel packages are available in 'snp-release-/linux/guest' directory. +``` +# ./launch-qemu.sh -hda +``` ## Launch SNP Guest To launch the SNP guest use the launch-qemu.sh script provided in this repository -```` +``` # ./launch-qemu.sh -hda -sev-snp -```` +``` To launch SNP disabled guest, simply remove the "-sev-snp" from the above command line. 
Once the guest is booted, run the following command inside the guest VM to verify that SNP is enabled: -```` +``` $ dmesg | grep -i snp AMD Memory Encryption Features active: SEV SEV-ES SEV-SNP -```` +``` ## Upgrade SEV firmware
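Review bot: In the Build hunk, the added `sed -i '/deb-src/s/^# //' /etc/apt/sources.list && apt update` line edits the APT sources file in place with no backup and uncomments every line that contains `deb-src`, including any that were disabled on purpose. Suggest `sed -i.bak` so the original file is kept, plus one sentence saying the source repositories are enabled only because `apt build-dep` needs them. Two smaller points in the same hunk: `git checkout snp-latest` directly follows `git clone` with no `cd AMDSEV` between them, and the block mixes a `#` root prompt with `sudo cp`; if the clone and `./build.sh --package` do not need root, show them at a `$` prompt so readers do not run the whole build as root. "succesful" in the trailing context line could be fixed while this section is being touched.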
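Review bot: In the Prepare Guest hunk, the rewritten "Boot up a guest" paragraph says the kernel packages "should be copied (e.g., using SSH) to the guest VM first", but the only command added after it is `./launch-qemu.sh -hda`, so the steps read out of order and neither the copy nor the install step is shown. Suggest ordering it as boot, copy, install, and adding the copy and package-install commands for the `snp-release-/linux/guest` directory. Also, as the lines read here, `qemu-img create -f qcow2 30G` has no image file name before the size and both `launch-qemu.sh -hda` invocations have no disk argument; please check that the placeholders survive rendering. The `*.deb or *.rpm-based` text in that paragraph would be safer in backticks now that the surrounding notes use `*...*` for emphasis.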