AMDESE / AMDSEV

AMD Secure Encrypted Virtualization

Where's the code for guest kernel 6.1.0? #182

Open aep opened 9 months ago

aep commented 9 months ago

It looks like AMDESE/linux was force-pushed. snp-latest now contains kernel 6.5, which doesn't boot on a host with the previous 6.1 kernel.

Is there any tag that saved the working kernel?

tlendacky commented 9 months ago

Any current Linux kernel should work. So you can use a Linux 6.3/4/5, etc. (all the way back to 5.19 I believe) for the guest. Can you post more details of where the boot failure is occurring? I wouldn't think that it should.

aep commented 9 months ago

Hi. As far as I understand, all minor versions need to match up. Any other combination results in

qemu-system-x86_64: warning: Restricted memory (UPM) enabled, disabling SMM. Memory discard mode: none
qemu-system-x86_64: warning: creating ROM device with private memory.
qemu-system-x86_64: warning: creating ROM device with private memory.
KVM: unknown exit reason 24
EAX=0000001a EBX=00000073 ECX=00000000 EDX=00000000
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=00000000 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 00000000 00000000
CS =0000 00000000 00000000 00000000
SS =0000 00000000 00000000 00000000
DS =0000 00000000 00000000 00000000
FS =0000 00000000 00000000 00000000
GS =0000 00000000 00000000 00000000
LDT=0000 00000000 00000000 00000000
TR =0000 00000000 00000000 00000000
GDT=     00000000 00000000
IDT=     00000000 00000000
CR0=80050033 CR2=00000000 CR3=00000000 CR4=00000020
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000900
Code=<??> ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
tlendacky commented 9 months ago

> Hi. As far as I understand, all minor versions need to match up.

That's not true. The SNP hypervisor changes should not be visible to the guest. Is that all the output you get? That would say that you are failing in OVMF (assuming that you enable serial output for OVMF in the build and qemu command line).

Is there any host dmesg output associated with that instance of the VM?

aep commented 9 months ago

Pretty sure it's the kernel. This OVMF is the one that is known to work (it has debug disabled). A newer version of OVMF will fail earlier; let me get the log.

Host dmesg just reports

[6316344.629549] kvm_amd: SEV-ES guest requested termination: 0x0:0x0

tlendacky commented 9 months ago

So that means that the guest encountered some kind of error when booting. The question is where, in the decompression part of the kernel or in the kernel proper, that was encountered.

If you're comfortable making changes to the kernel source, you can locate the places where GHCB_SEV_ES_GEN_REQ is used and replace them with individually unique values (values between 3 and 15 are currently unused). The instance in arch/x86/kernel/sev-shared.c could be used by the decompressor and the kernel proper, but let's not worry about that right now.
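
A host-side helper for the tagging approach suggested in the last comment, as an added example that is not part of the thread or of the AMDSEV project: it pulls the termination lines out of host dmesg text and maps each reason code back to the call site that was given that value. The site labels and all sample log lines except the first are constructed, and reading the two fields as reason set and reason code is an assumption.

```python
import re

# Host line quoted in the thread:
#   kvm_amd: SEV-ES guest requested termination: 0x0:0x0
# Assumption: the two fields are <reason set>:<reason code>.
TERM_RE = re.compile(
    r"SEV-ES guest requested termination: (?:0x)?([0-9a-fA-F]+):(?:0x)?([0-9a-fA-F]+)")
GEN_REQ = 0                # GHCB_SEV_ES_GEN_REQ, matching the 0x0 seen in the thread
TAG_CODES = range(3, 16)   # "values between 3 and 15 are currently unused"

# Hypothetical map: the unique value patched into each GHCB_SEV_ES_GEN_REQ site.
PATCHED_SITES = {
    3: "decompressor call site (hypothetical label)",
    4: "arch/x86/kernel/sev-shared.c call site (hypothetical label)",
    5: "kernel proper call site (hypothetical label)",
}

def classify(reason_set, code, sites=PATCHED_SITES):
    """Turn one (reason set, reason code) pair into a human-readable verdict."""
    if reason_set != 0:
        return f"non-default reason set {reason_set:#x}, code {code:#x}"
    if code == GEN_REQ:
        return "unpatched GHCB_SEV_ES_GEN_REQ site (generic request)"
    if code in TAG_CODES:
        return sites.get(code, f"unique value {code} has no entry in the site map")
    return f"reason code {code:#x} is outside the 3..15 tagging range"

def triage(dmesg_text, sites=PATCHED_SITES):
    """Return (reason_set, code, verdict) for every termination line found."""
    hits = []
    for line in dmesg_text.splitlines():
        m = TERM_RE.search(line)
        if m:
            rs, code = int(m.group(1), 16), int(m.group(2), 16)
            hits.append((rs, code, classify(rs, code, sites)))
    return hits

# First line is from the thread; the remaining lines are constructed.
SAMPLE = """\
[6316344.629549] kvm_amd: SEV-ES guest requested termination: 0x0:0x0
[6316400.000001] kvm_amd: SEV-ES guest requested termination: 0x0:0x4
[6316401.000002] constructed unrelated host message
[6316455.000003] kvm_amd: SEV-ES guest requested termination: 0x0:0x9
"""

if __name__ == "__main__":
    for rs, code, verdict in triage(SAMPLE):
        print(f"{rs:#x}:{code:#x} -> {verdict}")
```

A verdict of "no entry in the site map" means the guest was built with a tag that the map does not record, so the map and the patched source are out of sync.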