Open pegahnikbakht opened 1 month ago
Did you enable all these in your BIOS settings before you install host kernel.
If you still not see these messages from your host, you can try compile kernel using script. sudo dmesg | grep SEV [ 0.000000] SEV-SNP: RMP table physical range [0x000000bf8d200000 - 0x000000c04d7fffff] [ 22.544585] ccp 0000:03:00.5: SEV API:1.55 build:24 [ 22.544597] ccp 0000:03:00.5: SEV-SNP API:1.55 build:24 [ 22.563664] kvm_amd: SEV enabled (ASIDs 100 - 1006) [ 22.563666] kvm_amd: SEV-ES enabled (ASIDs 1 - 99) [ 22.563667] kvm_amd: SEV-SNP enabled (ASIDs 1 - 99)
set -eux
VER="-snp-host" COMMIT=$(git log --format="%h" -1 HEAD)
cp /boot/config-$(uname -r) .config ./scripts/config --set-str LOCALVERSION "$VER-$COMMIT" ./scripts/config --disable LOCALVERSION_AUTO ./scripts/config --enable DEBUG_INFO ./scripts/config --enable DEBUG_INFO_REDUCED ./scripts/config --enable EXPERT ./scripts/config --enable AMD_MEM_ENCRYPT ./scripts/config --disable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT ./scripts/config --enable KVM_AMD_SEV ./scripts/config --module CRYPTO_DEV_CCP_DD ./scripts/config --disable SYSTEM_TRUSTED_KEYS ./scripts/config --disable SYSTEM_REVOCATION_KEYS ./scripts/config --module SEV_GUEST ./scripts/config --disable IOMMU_DEFAULT_PASSTHROUGH
yes "" | make olddefconfig
@ramagali24 I have the bios settings enabled and previously I had a kernel 6.9 with SNP which worked fine, but I tired to install SVSM (downgrade to kernel 6.8) even with the script that you provided above, but still SNP is not enabled. I get the following error or warning:
sudo dmesg | grep SEV
[ 16.294186] ccp 0000:47:00.1: SEV API:1.55 build:17
[ 16.332809] kvm_amd: SEV enabled (ASIDs 100 - 509)
[ 16.332810] kvm_amd: SEV-ES enabled (ASIDs 1 - 99)
sudo dmesg | grep sev
[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-6.8.0-rc6-snp-host-d206a76d7d27 root=UUID=8368bb81-e86c-4e21-a51d-8a39b7b503ed ro nomodeset console=tty0 console=ttyS1,115200n8 modprobe.blacklist=btrfs mem_encrypt=on kvm_amd.sev=1
[ 0.082135] Kernel command line: BOOT_IMAGE=/vmlinuz-6.8.0-rc6-snp-host-d206a76d7d27 root=UUID=8368bb81-e86c-4e21-a51d-8a39b7b503ed ro nomodeset console=tty0 console=ttyS1,115200n8 modprobe.blacklist=btrfs mem_encrypt=on kvm_amd.sev=1
[ 16.219512] ccp 0000:47:00.1: sev enabled
[ 16.309452] kvm_amd: unknown parameter 'sev-snp' ignored
This is what I get with kernel 6.9 that I had before:
sudo dmesg | grep SEV
[ 0.000000] SEV-SNP: RMP table physical range [0x0000000097f00000 - 0x00000000a84fffff]
[ 17.031219] ccp 0000:47:00.1: SEV API:1.55 build:17
[ 17.038573] ccp 0000:47:00.1: SEV-SNP API:1.55 build:17
[ 17.084122] kvm_amd: SEV enabled (ASIDs 100 - 509)
[ 17.099101] kvm_amd: SEV-ES enabled (ASIDs 1 - 99)
[ 17.099102] kvm_amd: SEV-SNP enabled (ASIDs 1 - 99)
Which branch are you using? It should be: https://github.com/coconut-svsm/linux/tree/svsm.
@roy-hopkins Yes I'm using this branch https://github.com/coconut-svsm/linux/tree/svsm I tried main and some of the releases, same issue.
I have the same problem, I'm the SNP enabled in the BIOS and using the kernel host at the SVSM branch, but in the dmesg
output we can see only SEV and SEV-ES enabled.
@pegahnikbakht So I found a solution to this problem, you need to upgrade the SEV firmware, to do this follow the instructions in this link: https://github.com/AMDESE/AMDSEV/tree/snp-latest?tab=readme-ov-file#upgrade-sev-firmware I hope to help!
@rnldourado Thanks, will try that!
I'm getting this error now: The host kenerl is 6.8.0-snp-host-bc4de28e0cc1+
[ 17.316107] kvm_amd: SEV enabled (ASIDs 100 - 509)
[ 17.316109] kvm_amd: SEV-ES enabled (ASIDs 1 - 99)
[ 17.316110] kvm_amd: SEV-SNP enabled (ASIDs 1 - 99)
[ 55.775887] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[ 70.668578] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[ 83.668449] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[ 95.652849] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[ 108.672256] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[ 123.693292] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[ 136.646189] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[ 149.656732] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[ 164.666443] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
any idea?
I'm getting this error now: The host kenerl is 6.8.0-snp-host-bc4de28e0cc1+
[ 17.316107] kvm_amd: SEV enabled (ASIDs 100 - 509) [ 17.316109] kvm_amd: SEV-ES enabled (ASIDs 1 - 99) [ 17.316110] kvm_amd: SEV-SNP enabled (ASIDs 1 - 99) [ 55.775887] kvm_amd: SEV-SNP requires private memory support via guest_memfd. [ 70.668578] kvm_amd: SEV-SNP requires private memory support via guest_memfd. [ 83.668449] kvm_amd: SEV-SNP requires private memory support via guest_memfd. [ 95.652849] kvm_amd: SEV-SNP requires private memory support via guest_memfd. [ 108.672256] kvm_amd: SEV-SNP requires private memory support via guest_memfd. [ 123.693292] kvm_amd: SEV-SNP requires private memory support via guest_memfd. [ 136.646189] kvm_amd: SEV-SNP requires private memory support via guest_memfd. [ 149.656732] kvm_amd: SEV-SNP requires private memory support via guest_memfd. [ 164.666443] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
any idea?
Did you use the patched QEMU mentioned in the docs?
I'm following this doc installation guide , and I get the error before building the Qemu, not in that step yet! I got the error in preparing the host.
Fair enough. Try enabling the CONFIG_KVM_PRIVATE_MEM
config option for the kernel.
Hi,
I tried to install a SNP based kernel from this repo https://github.com/coconut-svsm/linux but only SEV and SEV-ES are enabled when I boot the kernel, previously I had a kernel with SNP support and the pre-requisites are met. Is there any specific config in make menuconfig that needs to be enabled in order to enable SNP?
Regards, Pegah