sev-snp-howto-v2.txt

==========================================================================
0. Building a qcow image, instructions at this link
==========================================================================
https://github.com/AMDESE/AMDSEV

==========================================================================
1. Building the host and guest kernels, instructions at this link, please
   build the 5.19-rc6 kernel
==========================================================================
https://github.com/AMDESE/AMDSEV/tree/sev-snp-devel
- After the build please grab the guest vmlinuz, initrd and cat /proc/cmdline
  this is requred in step 4

==========================================================================
2. Ovmf Build
==========================================================================
git clone https://github.com/confidential-containers-demo/edk2.git
cd edk2
git checkout snp-kernel-hashes-v3
git submodule update --init --recursive
make -C BaseTools
. ./edksetup.sh --reconfig
touch OvmfPkg/AmdSev/Grub/grub.efi
build --cmd-len=64436 -t "GCC5"  -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc

# Create the ovmf code and NVRAM files
d=Build/AmdSev/DEBUG_GCC5/FV; dd if=$d/OVMF.fd of=$d/OVMF_CODE.fd skip=540672 bs=1; dd if=$d/OVMF.fd of=$d/OVMF_VARS.fd count=540672 bs=1

==========================================================================
3. Qemu Build
==========================================================================
git clone https://github.com/confidential-containers-demo/qemu.git
git checkout snp-kernel-hashes-v3
./configure --target-list=x86_64-softmmu
make -j  $(getconf _NPROCESSORS_ONLN)
cp build/qemu-system-x86_64 ./some target dir i.e. /usr/local/share/qemu/bin/qemu-system-x86_64

==========================================================================
4. Running the guest.
==========================================================================
- for kernel, initrd, append - substitute with your environment values

ovmfpath=/..../edk2/Build/AmdSev/DEBUG_GCC5/FV
/usr/local/share/qemu/bin/qemu-system-x86_64-mjs --enable-kvm  \
        -cpu EPYC-Milan-v2 \
        -machine pc-q35-7.1 \
        -smp 4 \
        -m 4000M \
        -nographic \
        -no-reboot \
        -kernel /home/amd/qemu-boot-param/snp-bins/vmlinuz-5.19.0-rc6-snp-guest-d9bd54fea4d2 \
        -initrd /home/amd/qemu-boot-param/snp-bins/initrd.img-5.19.0-rc6-snp-guest-d9bd54fea4d2 \
        -append "BOOT_IMAGE=/boot/vmlinuz-5.19.0-rc6-snp-guest-d9bd54fea4d2 root=UUID=49efb7f5-9b04-4654-96a1-a10792477241 console=ttyS0" \
        -machine memory-encryption=sev0,vmport=off \
        -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,kernel-hashes=on \
        -drive if=pflash,format=raw,unit=0,file=${ovmfpath}/OVMF_CODE.fd,readonly=on \
        -drive if=pflash,format=raw,unit=1,file=${ovmfpath}/OVMF_VARS.fd \
        -drive file=../${drive},if=none,id=disk0,format=qcow2 \
        -device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=on \
        -netdev user,hostfwd=tcp::10025-:22,id=vmnic -device e1000,netdev=vmnic,romfile= \
        -device scsi-hd,drive=disk0 \
        -monitor pty \
        -qmp tcp:localhost:4445,server,nowait 2>&1 | tee boot.out

==========================================================================
5. Getting and verifying the launch measure [Larry]
==========================================================================
- snp-ar tool - instructions to install, and after reboot it stops working
-  ./larry_snp_measure.sh - command details