Update SEV-SNP implementation to run on upstream kernels #243
KVM requires a VM intended to be run with SEV-SNP encryption to be created with the KVM_X86_SNP_VM type.

Signed-off-by: Tyler Fanelli <[email protected]>
Signed-off-by: Tyler Fanelli <[email protected]>
Signed-off-by: Tyler Fanelli <[email protected]>
Signed-off-by: Tyler Fanelli <[email protected]>
With these changes, I'm encountering the following unexpected error immediately after the VM starts:
Will investigate.
I'd also like to modify this to create one guest_memfd and map all guest memory regions into it (using the
I know in TDX you need to also set memory attributes after creating the guest memfd and setting the user memory region. I wonder if you have to do that here as well?
Do you? I wasn't aware of this. Will try it out.
```rust
let attr = kvm_memory_attributes {
    address: region.start_addr().raw_value(),
    size: region.len() as u64,
    // KVM_MEMORY_ATTRIBUTE_PRIVATE
    attributes: 1 << 3,
    flags: 0,
};
self.fd
    .set_memory_attributes(attr)
    .map_err(Error::SetMemoryAttributes)?;
```

Should do the job. Hopefully this saves you time and avoids you having to dig around for it.
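An added example, not part of the comment above or of libkrun's code: a pre-flight check that builds one private-attribute request per guest memory region and rejects the inputs that the kernel's `KVM_SET_MEMORY_ATTRIBUTES` handler refuses with `EINVAL` (zero size, unaligned address or size, address wrap-around). The names `KvmMemoryAttributes`, `AttrError` and `private_attrs`, the 4 KiB page size and the sample region layout are assumptions made for the illustration.

```rust
// Mirrors struct kvm_memory_attributes from <linux/kvm.h> (four __u64 fields).
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct KvmMemoryAttributes {
    pub address: u64,
    pub size: u64,
    pub attributes: u64,
    pub flags: u64,
}

pub const KVM_MEMORY_ATTRIBUTE_PRIVATE: u64 = 1 << 3;
// Assumption: 4 KiB pages, as on x86-64 hosts.
pub const PAGE_SIZE: u64 = 4096;

#[derive(Debug, PartialEq, Eq)]
pub enum AttrError {
    Empty { index: usize },
    Unaligned { index: usize },
    Overflow { index: usize },
}

/// Hypothetical helper: turn (guest physical address, length) pairs into
/// private-attribute requests, failing on the first region KVM would reject.
pub fn private_attrs(regions: &[(u64, u64)]) -> Result<Vec<KvmMemoryAttributes>, AttrError> {
    regions.iter().enumerate().map(|(index, &(address, size))| {
        if size == 0 {
            return Err(AttrError::Empty { index });
        }
        if address % PAGE_SIZE != 0 || size % PAGE_SIZE != 0 {
            return Err(AttrError::Unaligned { index });
        }
        if address.checked_add(size).is_none() {
            return Err(AttrError::Overflow { index });
        }
        Ok(KvmMemoryAttributes { address, size, attributes: KVM_MEMORY_ATTRIBUTE_PRIVATE, flags: 0 })
    }).collect()
}

fn main() {
    // Constructed sample layout: low memory plus one region starting at 1 MiB.
    let regions = [(0x0, 0xa_0000), (0x10_0000, 0x3ff0_0000)];
    match private_attrs(&regions) {
        Ok(attrs) => {
            for a in &attrs {
                println!("{:#x?}", a);
            }
        }
        Err(e) => eprintln!("rejected before ioctl: {:?}", e),
    }
}
```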
ae99c26 to 28f070d
Co-developed-by: Jake Correnti <[email protected]>
Signed-off-by: Tyler Fanelli <[email protected]>
28f070d to 3e91667
Modify the SEV-SNP launch implementation to:
With this, libkrun should be able to run on stock Linux kernels with version >= 6.11. Still completing some testing. Once tested, I will mark this PR as ready for review.