Open bencw12 opened 2 years ago
Hi, I've been working on my own implementation of SEV in Rust following along with the implementation in QEMU, but I'm unsure on some of the details of booting an SEV guest:
- I know that QEMU uses OVMF to boot SEV guests, but is it required to use guest firmware to boot in any implementation, or could SEV still work by jumping directly to the guest kernel from the VMM?
It's possible, but we didn't add support for getting the kernel into the proper configuration with a direct jump to it. It all depends on what the VMM does from a vCPU perspective, etc.
- Are there any MSRs or other capabilities that the hypervisor or the guest bios need to set that aren't set by KVM before booting the guest kernel?
Off hand, nothing that I'm aware of... but it has been a while since I've looked at the boot up paths in OVMF to see if that is a true statement. The main thing will be pagetable setup and the proper use of the encryption bit within it.
- Why does the guest firmware need to be encrypted before VM_RUN?
All instruction fetches in a guest are decrypted, so if you don't encrypt the guest firmware before executing the first instruction, nothing will work.
- What other than the launch commands (LAUNCH_START, LAUNCH_UPDATE_DATA, etc.) needs to be done in order for SEV to be enabled in the guest?
I'm not sure I follow the scope of your question... from a SEV firmware point of view? from a VMM point of view? from a guest kernel point of view?
There's probably way too much to identify here. You should look at the initial commits for SEV in Qemu, EDK2 (OVMF) and Linux (guest support and hypervisor support) to understand what is fully needed.
So far I am able to successfully issue LAUNCH_FINISH, but once control is passed to the kernel the VM either crashes, or boots to a shell but is unable to run encrypted code and dmesg does not show that SEV is enabled. I know that my host machine is configured correctly because I can successfully launch an SEV guest using the scripts in this repo.
It's hard to know exactly what is occurring. What entry point in the Linux kernel are you jumping to? Is it a compressed kernel? More information is needed to help identify what could possibly be going wrong here.
All help is much appreciated, thanks!
Hi,
I am currently faced with the same question. Basically, for debugging purposes, I want to run very simplistic assembly code in the machine. Think something very simple like:
movw $42, %ax
movw %ax, 0x400
hlt
This code runs in a simple kvm setting, however, in an AMD-SEV setting (note: not SEV-ES), the KVM_RUN ioctl hangs. I am not sure how to debug this best -- is there any operation the guest needs to implement before the first VMEXIT in simple AMD-SEV? If so, where would I find documentation on those requirements? For example, can the need for EDK2 be bypassed?
Note that I do not care about attestation in the guest, I simply want to run an encrypted VM with minimal assembly code -- any way to achieve this?
I'm assuming you performed all of the LAUNCHUPDATE* operations, so start with just the HLT instruction and see if it works. It could be that the second instruction (movw %ax, 0x400) is taking a #NPF over and over, hence appearing to be hung... you can probably activate some KVM tracing to see what is happening (look in /sys/kernel/tracing/events/{kvm,kvmmmu}).
Depending on what you are trying to do, EDK2/OVMF may not be required, so just having the instructions to execute is enough.
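An added example of the tracing approach suggested in the reply above; it is not code from this thread or from any of the posters. It parses kvm:kvm_page_fault and kvm:kvm_exit lines in the text form that /sys/kernel/tracing/trace_pipe prints and flags a guest address that keeps faulting with no HLT exit ever being reached, which is what a "hung" KVM_RUN on a mis-launched SEV guest looks like from the host. The trace lines are constructed samples, and the field layout (`address 0x... error_code 0x...`, `reason ...`) is an assumption: it varies across kernel versions, so adjust the regexes to what your kernel actually prints.

```python
import re
from collections import Counter

# Field layouts below are assumed; check your kernel's trace_pipe output.
PAGE_FAULT_RE = re.compile(
    r"kvm_page_fault:.*?address (0x[0-9a-fA-F]+) error_code (0x[0-9a-fA-F]+)")
EXIT_RE = re.compile(r"kvm_exit:.*?reason (\S+)")

# Constructed sample: the guest re-enters and takes a nested page fault on
# the same address every time, never reaching HLT. This is the "appears hung"
# pattern a broken launch (e.g. memory not registered/encrypted) produces.
HUNG_TRACE = """\
 vmm-1234  [002] ....  1001.000010: kvm_entry: vcpu 0
 vmm-1234  [002] ....  1001.000012: kvm_exit: reason npf rip 0x1003 info 0x2 0x400
 vmm-1234  [002] ....  1001.000013: kvm_page_fault: address 0x400 error_code 0x2
 vmm-1234  [002] ....  1001.000020: kvm_entry: vcpu 0
 vmm-1234  [002] ....  1001.000022: kvm_exit: reason npf rip 0x1003 info 0x2 0x400
 vmm-1234  [002] ....  1001.000023: kvm_page_fault: address 0x400 error_code 0x2
 vmm-1234  [002] ....  1001.000030: kvm_entry: vcpu 0
 vmm-1234  [002] ....  1001.000032: kvm_exit: reason npf rip 0x1003 info 0x2 0x400
 vmm-1234  [002] ....  1001.000033: kvm_page_fault: address 0x400 error_code 0x2
 vmm-1234  [002] ....  1001.000040: kvm_entry: vcpu 0
 vmm-1234  [002] ....  1001.000042: kvm_exit: reason npf rip 0x1003 info 0x2 0x400
 vmm-1234  [002] ....  1001.000043: kvm_page_fault: address 0x400 error_code 0x2
"""

# Constructed sample of a healthy run: one fault to populate the page, then
# the guest executes HLT and KVM_RUN returns.
HEALTHY_TRACE = """\
 vmm-1234  [002] ....  2001.000010: kvm_entry: vcpu 0
 vmm-1234  [002] ....  2001.000012: kvm_exit: reason npf rip 0x1003 info 0x2 0x400
 vmm-1234  [002] ....  2001.000013: kvm_page_fault: address 0x400 error_code 0x2
 vmm-1234  [002] ....  2001.000020: kvm_entry: vcpu 0
 vmm-1234  [002] ....  2001.000022: kvm_exit: reason hlt rip 0x1007 info 0x0 0x0
"""


def parse_trace(text):
    """Return a list of ("page_fault", (addr, error_code)) / ("exit", reason)."""
    events = []
    for line in text.splitlines():
        m = PAGE_FAULT_RE.search(line)
        if m:
            events.append(("page_fault", (int(m.group(1), 16), int(m.group(2), 16))))
            continue
        m = EXIT_RE.search(line)
        if m:
            events.append(("exit", m.group(1)))
    return events


def exit_reasons(text):
    """Count VM exits by reason; a missing 'hlt' means the guest never got there."""
    return Counter(detail for kind, detail in parse_trace(text) if kind == "exit")


def fault_loop_candidates(text, threshold=3):
    """Guest addresses that faulted at least `threshold` times: likely a fault loop."""
    faults = Counter()
    for kind, detail in parse_trace(text):
        if kind == "page_fault":
            faults[detail[0]] += 1
    return {addr: n for addr, n in faults.items() if n >= threshold}


def diagnose(text):
    """Short human-readable verdict for a trace excerpt."""
    loops = fault_loop_candidates(text)
    if loops:
        addrs = ", ".join(f"{a:#x} x{n}" for a, n in sorted(loops.items()))
        return f"fault loop on guest address(es): {addrs}; no forward progress"
    if "hlt" in exit_reasons(text):
        return "guest reached HLT; launch and first instructions look fine"
    return "no loop detected, but no HLT exit either; capture a longer trace"


if __name__ == "__main__":
    print("hung   :", diagnose(HUNG_TRACE))
    print("healthy:", diagnose(HEALTHY_TRACE))
```

Run it against `cat /sys/kernel/tracing/trace_pipe` output captured while KVM_RUN appears stuck, after enabling the kvm events under /sys/kernel/tracing/events/kvm. A single address repeating in the page-fault counter while the exit-reason counter never shows hlt points at the faulting instruction rather than at the launch commands themselves.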
Thank you very much @tlendacky -- the problem turned out to be that I called KVM_CREATE_VCPU too early (before KVM_SEV_INIT, which made the call fail). I can confirm now that the assembly as noted above runs without any issues.