cloud-hypervisor/docs/amd_sev_snp.md
Muminul Islam 4cea713adf docs: Add documentations for MSHV and related features
This patch adds brief overview and relation of mshv,
igvm, and sev-snp features.

Signed-off-by: Muminul Islam <muislam@microsoft.com>
2023-11-10 11:30:40 -08:00

AMD SEV-SNP

WARNING

This feature is currently supported only on MSHV.

AMD Secure Encrypted Virtualization & Secure Nested Paging (SEV-SNP) is an AMD technology that adds strong memory integrity protection. It helps prevent malicious hypervisor-based attacks such as data replay, memory remapping and more, in order to create an isolated execution environment. Here are some useful links:

Cloud Hypervisor support

A machine with AMD SEV-SNP support enabled in the BIOS is required.

On the Cloud Hypervisor side, all you need is to build the project with the sev_snp feature enabled:

cargo build --no-default-features --features "sev_snp"

Note: sev_snp cannot be enabled in conjunction with the tdx feature flag.

You can run a SEV-SNP VM using the following command:

./cloud-hypervisor \
     --platform sev_snp=on \
     --cpus boot=1 \
     --memory size=1G \
     --disk path=ubuntu.img
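
A preflight check for the requirements above, added here as an example and not part of the Cloud Hypervisor documentation or code base. The function names, the /dev/mshv device path and the sev_snp flag in /proc/cpuinfo are assumptions about the host; the CPU flag check is a hint only, not proof of the BIOS setting.

```shell
#!/bin/sh
# Added example: preflight checks before building and running a SEV-SNP guest.
# Assumptions (not from the page): the MSHV device node is /dev/mshv and the
# host kernel lists a "sev_snp" CPU flag in /proc/cpuinfo.

# features_ok "feat1,feat2": succeed only if sev_snp is requested without tdx.
features_ok() {
    has_snp=0; has_tdx=0
    old_ifs=$IFS; IFS=', '
    for f in $1; do
        case "$f" in
            sev_snp) has_snp=1 ;;
            tdx)     has_tdx=1 ;;
        esac
    done
    IFS=$old_ifs
    [ "$has_snp" -eq 1 ] && [ "$has_tdx" -eq 0 ]
}

# cpu_has_snp FILE: succeed if a "flags" line lists sev_snp as a whole word
# (so "sev" or "sev_es" alone do not count).
cpu_has_snp() {
    [ -r "$1" ] || return 1
    grep -E '^flags[[:space:]]*:' "$1" | grep -qw 'sev_snp'
}

# preflight FEATURES [CPUINFO] [MSHV_DEV]: print each failed check and
# return the number of failures (0 means all checks passed).
preflight() {
    features=$1
    cpuinfo=${2:-/proc/cpuinfo}
    mshv_dev=${3:-/dev/mshv}
    fails=0
    features_ok "$features" ||
        { echo "FAIL: features must include sev_snp and exclude tdx: $features"; fails=$((fails + 1)); }
    [ -e "$mshv_dev" ] ||
        { echo "FAIL: no MSHV device at $mshv_dev"; fails=$((fails + 1)); }
    cpu_has_snp "$cpuinfo" ||
        { echo "FAIL: no sev_snp CPU flag in $cpuinfo (check BIOS settings)"; fails=$((fails + 1)); }
    return "$fails"
}

# When run with arguments, e.g. `sh preflight.sh sev_snp`, check this host.
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```
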

For more information related to Microsoft Hypervisor, please see mshv.md.