From 70074ddf9f12971543dbac5b3cc0b678ebf422dd Mon Sep 17 00:00:00 2001 From: Jinank Jain Date: Wed, 2 Aug 2023 05:20:41 +0000 Subject: [PATCH] docs: Add documentation for AMD SEV-SNP Creating some brief documentation for SEV-SNP, summarizing the links on where to find more information about SEV-SNP, as well as how to build and run Cloud Hypervisor on it. This document is a work in progress and will be updated in future PRs as we add support for it. Signed-off-by: Jinank Jain --- docs/amd_sev_snp.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 docs/amd_sev_snp.md diff --git a/docs/amd_sev_snp.md b/docs/amd_sev_snp.md new file mode 100644 index 000000000..1db743331 --- /dev/null +++ b/docs/amd_sev_snp.md @@ -0,0 +1,38 @@ +# AMD SEV-SNP + +### WARNING +This feature is only currently supported on MSHV. + +AMD Secure Encrypted Virtualization & Secure Nested Paging (SEV-SNP) is an AMD +technology designed to add strong memory integrity protection to help prevent +malicious hypervisor-based attacks like data replay, memory-remapping and more +in order to create an isolated execution environment. Here are some useful +links: + +* [SNP Homepage] (https://www.amd.com/en/processors/amd-secure-encrypted-virtualization) +more information about SEV-SNP technical aspects, design and specification. + +## Cloud Hypervisor support + +It is required to use a machine which has enabled support for AMD SEV-SNP in +the BIOS. + +On the Cloud Hypervisor side, all you need is to build the project with the +`sev_snp` feature enabled: + +```bash +cargo build --no-default-features --features "sev_snp" +``` + +**Note** +Please note that `sev_snp` cannot be enabled in conjunction with `tdx` feature flag. + +You can run a SEV-SNP VM using the following command: + +```bash +./cloud-hypervisor \ + --platform sev_snp=on \ + --cpus boot=1 \ + --memory size=1G \ + --disk path=ubuntu.img +```
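Review bot: The markdown link in the "useful links" bullet is broken by the space between `]` and `(`: `* [SNP Homepage] (https://www.amd.com/en/processors/amd-secure-encrypted-virtualization)` will render as literal brackets followed by a bare URL; drop the space so it reads `[SNP Homepage](https://...)`. The continuation line `more information about SEV-SNP technical aspects, design and specification.` is a sentence fragment that ends up as a separate paragraph; fold it into the bullet as `... for more information about SEV-SNP technical aspects, design and specification.` Two smaller points in the same hunk: `### WARNING` skips the h2 level directly under the `# AMD SEV-SNP` title, so `## WARNING` (or a bold `**Warning:**` line) would be consistent with the `## Cloud Hypervisor support` heading that follows, and the note `cannot be enabled in conjunction with `tdx` feature flag` needs "the" before `tdx`. Since the build and run sections say nothing about the `sev_snp` and `tdx` feature flags being mutually exclusive beyond that one line, it would also help the reader to say that this is a compile-time constraint (the `cargo build` invocation) rather than a runtime `--platform` one.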