docs: Add documentation for AMD SEV-SNP

Creating some brief documentation for SEV-SNP, summarizing the links on where to find more information about SEV-SNP, as well as how to build and run Cloud Hypervisor on it. This document is a work in progress and will be updated in future PRs as we add support for it. Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2024-07-02 16:02:37 +00:00 · 2023-08-02 05:20:41 +00:00 · 2023-08-02 05:20:41 +00:00 · 70074ddf9f
commit 70074ddf9f
parent 200cba0e20
1 changed files with 38 additions and 0 deletions
--- a/docs/amd_sev_snp.md
+++ b/docs/amd_sev_snp.md
@ -0,0 +1,38 @@
+# AMD SEV-SNP
+
+### WARNING
+This feature is only currently supported on MSHV.
+
+AMD Secure Encrypted Virtualization & Secure Nested Paging (SEV-SNP) is an AMD
+technology designed to add strong memory integrity protection to help prevent
+malicious hypervisor-based attacks like data replay, memory-remapping and more
+in order to create an isolated execution environment. Here are some useful
+links:
+
+* [SNP Homepage] (https://www.amd.com/en/processors/amd-secure-encrypted-virtualization)
+more information about SEV-SNP technical aspects, design and specification.
+
+## Cloud Hypervisor support
+
+It is required to use a machine which has enabled support for AMD SEV-SNP in
+the BIOS.
+
+On the Cloud Hypervisor side, all you need is to build the project with the
+`sev_snp` feature enabled:
+
+```bash
+cargo build --no-default-features --features "sev_snp"
+```
+
+**Note**
+Please note that `sev_snp` cannot be enabled in conjunction with `tdx` feature flag.
+
+You can run a SEV-SNP VM using the following command:
+
+```bash
+./cloud-hypervisor \
+     --platform sev_snp=on \
+     --cpus boot=1 \
+     --memory size=1G \
+     --disk path=ubuntu.img
+```