qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 09/15] docs/system: Add documentation on support for IGVM


From: Roy Hopkins
Subject: Re: [PATCH v3 09/15] docs/system: Add documentation on support for IGVM
Date: Mon, 01 Jul 2024 15:28:34 +0100
User-agent: Evolution 3.50.2

On Mon, 2024-06-24 at 15:09 +0100, Daniel P. Berrangé wrote:
> On Fri, Jun 21, 2024 at 03:29:12PM +0100, Roy Hopkins wrote:
> > IGVM support has been implemented for Confidential Guests that support
> > AMD SEV and AMD SEV-ES. Add some documentation that gives some
> > background on the IGVM format and how to use it to configure a
> > confidential guest.
> > 
> > Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
> > ---
> >  docs/system/i386/amd-memory-encryption.rst |   2 +
> >  docs/system/igvm.rst                       | 157 +++++++++++++++++++++
> >  docs/system/index.rst                      |   1 +
> >  3 files changed, 160 insertions(+)
> >  create mode 100644 docs/system/igvm.rst
> 
> > diff --git a/docs/system/igvm.rst b/docs/system/igvm.rst
> > new file mode 100644
> > index 0000000000..b6e544a508
> > --- /dev/null
> > +++ b/docs/system/igvm.rst
> 
> > +Running a Confidential Guest configured using IGVM
> > +--------------------------------------------------
> > +
> > +To run a confidential guest configured with IGVM you need to add an
> > +``igvm-cfg`` object and refer to it from the ``-machine`` parameter:
> > +
> > +Example (for AMD SEV)::
> > +
> > +    qemu-system-x86_64 \
> > +        <other parameters> \
> > +        -machine ...,confidential-guest-support=sev0,igvm-cfg=igvm0 \
> > +        -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1 \
> > +        -object igvm-cfg,id=igvm0,file=/path/to/guest.igvm
> 
> Perhaps also illustrate use of your 'buildigvm' tool for creating
> the igvm file first, assuming that's the tool users are most likely
> to end up needing ?
> 
> 
> With regards,
> Daniel

I'm not sure it is the tool that _most_ people will end up using, but it is a
good example and I'm not aware of many other examples of IGVM build tools.

IGVM is likely to be used to package guests with custom configuration
requirements, such as the COCONUT-SVSM usage where the SVSM kernel is packaged
along with OVMF, configuration and other data required to launch a guest running
with a range of privilege levels in a confidential virtual machine.

But for the purposes of testing and examples it makes sense to update the
documentation to describe how to use the 'buildigvm' tool so I'll update the
docs.

Regards,
Roy



reply via email to

[Prev in Thread] Current Thread [Next in Thread]