SEV-SNP guests require different QEMU command line parameters in comparison to SEV-ES, so adjust the QEMU options accordingly.

It is important to note that SEV-SNP guests have some additional requirements versus an SEV/SEV-ES guest:

- bios: SEV-SNP guests need a UEFI BIOS, and unlike with SEV-ES they cannot be loaded via pflash and instead rely on the -bios option.
- cpu: guest CPUID values are validated by SEV-SNP firmware and only a strictly-validated set of features should be advertised to the guest. This will usually require the use of an updated/architected QEMU CPU model version. "-cpu EPYC-v4" is used here as it has the most common set of features compared to EPYC-Milan*/EPYC-Turin*/etc. models.
- memory-backend-memfd: To support freeing memory after it is converted from shared->private, QEMU relies on memory that can be discarded via FALLOC_FL_PUNCH_HOLE, which is provided via object memory-backend-memfd.

Add these options to the QEMU cmdline (in x86/efi/run) for bringing up an SEV-SNP guest only when EFI_SNP is enabled.

Signed-off-by: Pavan Kumar Paluri <papaluri@xxxxxxx>

--- x86/efi/README.md | 6 ++++++ x86/efi/run | 33 +++++++++++++++++++++++++-------- 2 files changed, 31 insertions(+), 8 deletions(-) diff --git a/x86/efi/README.md b/x86/efi/README.md index af6e339c2cca..2c61dba336ec 100644 --- a/x86/efi/README.md +++ b/x86/efi/README.md @@ -34,6 +34,12 @@ the env variable `EFI_UEFI`: EFI_UEFI=/path/to/OVMF.fd ./x86/efi/run ./x86/msr.efi +### Run SEV-SNP tests with UEFI + +To run SEV-SNP related unit tests with UEFI: + + EFI_SNP=y ./x86/efi/run ./x86/amd_sev.efi + ## Code structure ### Code from GNU-EFI diff --git a/x86/efi/run b/x86/efi/run index 85aeb94fe605..da74eef4bd58 100755 --- a/x86/efi/run +++ b/x86/efi/run @@ -18,6 +18,7 @@ source config.mak : "${EFI_TEST:=efi-tests}" : "${EFI_SMP:=1}" : "${EFI_CASE:=$(basename $1 .efi)}" +: "${EFI_SNP:=n}" if [ ! -f "$EFI_UEFI" ]; then echo "UEFI firmware not found: $EFI_UEFI" 
@@ -54,11 +55,27 @@ cp "$EFI_SRC/$EFI_CASE.efi" "$EFI_CASE_BINARY" # to x86/run. This `smp` flag overrides any previous `smp` flags (e.g., # `-smp 4`). This is necessary because KVM-Unit-Tests do not currently support # SMP under UEFI. This last flag should be removed when this issue is resolved. -"$TEST_DIR/run" \ - -drive file="$EFI_UEFI",format=raw,if=pflash,readonly=on \ - -drive file.dir="$EFI_TEST/$EFI_CASE/",file.driver=vvfat,file.rw=on,format=raw,if=virtio \ - -net none \ - -nographic \ - -m 256 \ - "$@" \ - -smp "$EFI_SMP" +if [ "$EFI_SNP" != "y" ]; then + "$TEST_DIR/run" \ + -drive file="$EFI_UEFI",format=raw,if=pflash,readonly=on \ + -drive file.dir="$EFI_TEST/$EFI_CASE/",file.driver=vvfat,file.rw=on,format=raw,if=virtio \ + -net none \ + -nographic \ + -m 256 \ + "$@" \ + -smp "$EFI_SMP" + +else + "$TEST_DIR/run" \ + -bios "${EFI_UEFI}" \ + -drive file.dir="$EFI_TEST/$EFI_CASE/",file.driver=vvfat,file.rw=on,format=raw,if=virtio \ + -net none \ + -nographic \ + -m 256 \ + -object memory-backend-memfd,id=ram1,size=256M,share=true,prealloc=false \ + -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \ + -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1 \ + -cpu EPYC-v4 \ + "$@" \ + -smp "$EFI_SMP" +fi -- 2.34.1
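
Review bot: The new README section in the x86/efi/README.md hunk gives only the `EFI_SNP=y ./x86/efi/run ./x86/amd_sev.efi` invocation and none of the requirements the commit message lists. Since the firmware is passed with `-bios` instead of pflash in this mode, it would help to say here that `EFI_UEFI` must point at a firmware image that works when loaded that way, and that the run script selects `-cpu EPYC-v4` and a `memory-backend-memfd` object for the guest.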
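
Review bot: In the first x86/efi/run hunk, `: "${EFI_SNP:=n}"` sets the default, but the later test `[ "$EFI_SNP" != "y" ]` treats every value other than the exact string `y` as disabled, so `EFI_SNP=Y`, `EFI_SNP=1` or `EFI_SNP=yes` silently runs a non-SNP guest and the result can be mistaken for SNP coverage. Consider rejecting anything other than `y` or `n` next to this default, with an error message in the style of the existing `UEFI firmware not found` check.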
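
Review bot: In the SNP branch of the second x86/efi/run hunk, `-object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1` hard-codes the C-bit position, which is a property of the host CPU (reported in CPUID 0x8000001F EBX) rather than a constant; consider making `cbitpos` and `reduced-phys-bits` overridable from the environment with these values as defaults. Separately, the two branches repeat the `-drive file.dir=...`, `-net none`, `-nographic`, `-m 256`, `"$@"` and `-smp "$EFI_SMP"` arguments, and `size=256M` has to stay equal to `-m 256`; collecting the mode-specific options in a variable and keeping a single `"$TEST_DIR/run"` call would remove the duplication and the risk of the two sizes drifting apart.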