surajssd/sev-snp-howto-v2.txt

## sev-snp-howto-v2.txt
==========================================================================
0. Building a qcow image, instructions at this link
==========================================================================
https://github.com/AMDESE/AMDSEV

==========================================================================
1. Building the host and guest kernels, instructions at this link, please
   build the 5.19-rc6 kernel
==========================================================================
https://github.com/AMDESE/AMDSEV/tree/sev-snp-devel
- After the build please grab the guest vmlinuz, initrd and cat /proc/cmdline
  this is requred in step 4

==========================================================================
2. Ovmf Build
==========================================================================
git clone https://github.com/confidential-containers-demo/edk2.git
cd edk2
git checkout snp-kernel-hashes-v3
git submodule update --init --recursive
make -C BaseTools
. ./edksetup.sh --reconfig
touch OvmfPkg/AmdSev/Grub/grub.efi
build --cmd-len=64436 -t "GCC5"  -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc

# Create the ovmf code and NVRAM files
d=Build/AmdSev/DEBUG_GCC5/FV; dd if=$d/OVMF.fd of=$d/OVMF_CODE.fd skip=540672 bs=1; dd if=$d/OVMF.fd of=$d/OVMF_VARS.fd count=540672 bs=1

==========================================================================
3. Qemu Build
==========================================================================
git clone https://github.com/confidential-containers-demo/qemu.git
git checkout snp-kernel-hashes-v3
./configure --target-list=x86_64-softmmu
make -j  $(getconf _NPROCESSORS_ONLN)
cp build/qemu-system-x86_64 ./some target dir i.e. /usr/local/share/qemu/bin/qemu-system-x86_64

==========================================================================
4. Running the guest.
==========================================================================
- for kernel, initrd, append - substitute with your environment values

ovmfpath=/..../edk2/Build/AmdSev/DEBUG_GCC5/FV
/usr/local/share/qemu/bin/qemu-system-x86_64-mjs --enable-kvm  \
        -cpu EPYC-Milan-v2 \
        -machine pc-q35-7.1 \
        -smp 4 \
        -m 4000M \
        -nographic \
        -no-reboot \
        -kernel /home/amd/qemu-boot-param/snp-bins/vmlinuz-5.19.0-rc6-snp-guest-d9bd54fea4d2 \
        -initrd /home/amd/qemu-boot-param/snp-bins/initrd.img-5.19.0-rc6-snp-guest-d9bd54fea4d2 \
        -append "BOOT_IMAGE=/boot/vmlinuz-5.19.0-rc6-snp-guest-d9bd54fea4d2 root=UUID=49efb7f5-9b04-4654-96a1-a10792477241 console=ttyS0" \
        -machine memory-encryption=sev0,vmport=off \
        -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,kernel-hashes=on \
        -drive if=pflash,format=raw,unit=0,file=${ovmfpath}/OVMF_CODE.fd,readonly=on \
        -drive if=pflash,format=raw,unit=1,file=${ovmfpath}/OVMF_VARS.fd \
        -drive file=../${drive},if=none,id=disk0,format=qcow2 \
        -device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=on \
        -netdev user,hostfwd=tcp::10025-:22,id=vmnic -device e1000,netdev=vmnic,romfile= \
        -device scsi-hd,drive=disk0 \
        -monitor pty \
        -qmp tcp:localhost:4445,server,nowait 2>&1 | tee boot.out

==========================================================================
5. Getting and verifying the launch measure [Larry]
==========================================================================
- snp-ar tool - instructions to install, and after reboot it stops working
-  ./larry_snp_measure.sh - command details
	==========================================================================
	0. Building a qcow image, instructions at this link
	==========================================================================
	https://github.com/AMDESE/AMDSEV

	==========================================================================
	1. Building the host and guest kernels, instructions at this link, please
	build the 5.19-rc6 kernel
	==========================================================================
	https://github.com/AMDESE/AMDSEV/tree/sev-snp-devel
	- After the build please grab the guest vmlinuz, initrd and cat /proc/cmdline
	this is requred in step 4

	==========================================================================
	2. Ovmf Build
	==========================================================================
	git clone https://github.com/confidential-containers-demo/edk2.git
	cd edk2
	git checkout snp-kernel-hashes-v3
	git submodule update --init --recursive
	make -C BaseTools
	. ./edksetup.sh --reconfig
	touch OvmfPkg/AmdSev/Grub/grub.efi
	build --cmd-len=64436 -t "GCC5" -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc

	# Create the ovmf code and NVRAM files
	d=Build/AmdSev/DEBUG_GCC5/FV; dd if=$d/OVMF.fd of=$d/OVMF_CODE.fd skip=540672 bs=1; dd if=$d/OVMF.fd of=$d/OVMF_VARS.fd count=540672 bs=1

	==========================================================================
	3. Qemu Build
	==========================================================================
	git clone https://github.com/confidential-containers-demo/qemu.git
	git checkout snp-kernel-hashes-v3
	./configure --target-list=x86_64-softmmu
	make -j $(getconf _NPROCESSORS_ONLN)
	cp build/qemu-system-x86_64 ./some target dir i.e. /usr/local/share/qemu/bin/qemu-system-x86_64

	==========================================================================
	4. Running the guest.
	==========================================================================
	- for kernel, initrd, append - substitute with your environment values

	ovmfpath=/..../edk2/Build/AmdSev/DEBUG_GCC5/FV
	/usr/local/share/qemu/bin/qemu-system-x86_64-mjs --enable-kvm \
	-cpu EPYC-Milan-v2 \
	-machine pc-q35-7.1 \
	-smp 4 \
	-m 4000M \
	-nographic \
	-no-reboot \
	-kernel /home/amd/qemu-boot-param/snp-bins/vmlinuz-5.19.0-rc6-snp-guest-d9bd54fea4d2 \
	-initrd /home/amd/qemu-boot-param/snp-bins/initrd.img-5.19.0-rc6-snp-guest-d9bd54fea4d2 \
	-append "BOOT_IMAGE=/boot/vmlinuz-5.19.0-rc6-snp-guest-d9bd54fea4d2 root=UUID=49efb7f5-9b04-4654-96a1-a10792477241 console=ttyS0" \
	-machine memory-encryption=sev0,vmport=off \
	-object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,kernel-hashes=on \
	-drive if=pflash,format=raw,unit=0,file=${ovmfpath}/OVMF_CODE.fd,readonly=on \
	-drive if=pflash,format=raw,unit=1,file=${ovmfpath}/OVMF_VARS.fd \
	-drive file=../${drive},if=none,id=disk0,format=qcow2 \
	-device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=on \
	-netdev user,hostfwd=tcp::10025-:22,id=vmnic -device e1000,netdev=vmnic,romfile= \
	-device scsi-hd,drive=disk0 \
	-monitor pty \
	-qmp tcp:localhost:4445,server,nowait 2>&1 \| tee boot.out

	==========================================================================
	5. Getting and verifying the launch measure [Larry]
	==========================================================================
	- snp-ar tool - instructions to install, and after reboot it stops working
	- ./larry_snp_measure.sh - command details