cloud-hypervisor/docs/amd_sev_snp.md
Jinank Jain 70074ddf9f docs: Add documentation for AMD SEV-SNP
Creating some brief documentation for SEV-SNP, summarizing the links on
where to find more information about SEV-SNP, as well as how to build
and run Cloud Hypervisor on it.

This document is a work in progress and will be updated in future PRs
as we add support for it.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2023-09-07 12:52:27 +01:00

AMD SEV-SNP

WARNING

This feature is currently supported only on MSHV.

AMD Secure Encrypted Virtualization & Secure Nested Paging (SEV-SNP) is an AMD technology that adds strong memory integrity protection to help prevent malicious hypervisor-based attacks such as data replay and memory remapping, creating an isolated execution environment. Here are some useful links:

Cloud Hypervisor support

You need a machine with AMD SEV-SNP support enabled in the BIOS.

On the Cloud Hypervisor side, all you need is to build the project with the sev_snp feature enabled:

cargo build --no-default-features --features "sev_snp"

Note: sev_snp cannot be enabled in conjunction with the tdx feature flag.

You can run a SEV-SNP VM using the following command:

./cloud-hypervisor \
     --platform sev_snp=on \
     --cpus boot=1 \
     --memory size=1G \
     --disk path=ubuntu.img