runtime: Support for AMD SEV-SNP VMs

This commit adds AMD SEV-SNP as a confidential guest option to the runtime. Information on required components such as OVMF, QEMU and a kernel supporting SEV-SNP are defined in the versions file and corresponding configs are added. Note: The CPU model 'host' provided by the current SNP-QEMU does not support all SNP capabilities yet, which is why this option is changed to EPYC-v4. Note: The guest's physical address space reduction specified with ReducedPhysBits is 1. Details are can be found in Section 15.34.6 here https://www.amd.com/system/files/TechDocs/24593.pdf Fixes #4437 Signed-off-by: Joana Pecholt <joana.pecholt@aisec.fraunhofer.de>
2025-12-19 07:14:22 +01:00 · 2022-08-23 10:42:01 +02:00
parent a2bbd29422
commit 22bda0838c
9 changed files with 95 additions and 0 deletions
--- a/src/runtime/virtcontainers/qemu_arm64_test.go
+++ b/src/runtime/virtcontainers/qemu_arm64_test.go
@@ -209,6 +209,13 @@ func TestQemuArm64AppendProtectionDevice(t *testing.T) {
 	assert.Empty(bios)
 	assert.NoError(err)

+	// SNP protection
+	arm64.(*qemuArm64).protection = snpProtection
+	devices, bios, err = arm64.appendProtectionDevice(devices, firmware, "")
+	assert.Empty(devices)
+	assert.Empty(bios)
+	assert.NoError(err)
+
 	// TDX protection
 	arm64.(*qemuArm64).protection = tdxProtection
 	devices, bios, err = arm64.appendProtectionDevice(devices, firmware, "")