/usr/local/bin/qemu-system-x86_64 -enable-kvm -cpu EPYC -machine q35 -smp 4,maxcpus=64 -m 4096M,slots=5,maxmem=30G -no-reboot -drive if=pflash,format=raw,unit=0,file=/usr/local/share/qemu/OVMF_CODE.fd,readonly -drive if=pflash,format=raw,unit=1,file=/home/sev-host/amdsev/focal.fd -netdev user,id=vmnic -device e1000,netdev=vmnic,romfile= -drive file=/home/sev-host/amdsev/focal.qcow2,if=none,id=disk0,format=qcow2 -device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=true -device scsi-hd,drive=disk0 -object sev-guest,id=sev0,policy=0x5,cbitpos=47,reduced-phys-bits=1 -machine memory-encryption=sev0,vmport=off -nographic -vnc :0 -monitor pty -monitor unix:monitor,server,nowait
Notes
<image_name>.fd(e.g.,focal.fd) is automatically generated. It is copied fromOVMF_VARS.fd.-object sev-guest,id=sev0,policy=0x5,cbitpos=47,reduced-phys-bits=1 -machine memory-encryption=sev0,vmport=offenables sev-es.-device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=truevirtio-scsi- XXX: irqchip enabled?
-netdev user,id=vmnic -device e1000,netdev=vmnic,romfile=enables e1000 nic. Otherwise, default slirp (user-level) networking is used.