Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SNP support #409

Open
pegahnikbakht opened this issue Jul 10, 2024 · 12 comments
Open

SNP support #409

pegahnikbakht opened this issue Jul 10, 2024 · 12 comments

Comments

@pegahnikbakht
Copy link

pegahnikbakht commented Jul 10, 2024

Hi,

I tried to install a SNP based kernel from this repo https://github.com/coconut-svsm/linux but only SEV and SEV-ES are enabled when I boot the kernel, previously I had a kernel with SNP support and the pre-requisites are met. Is there any specific config in make menuconfig that needs to be enabled in order to enable SNP?

Regards,
Pegah

@ramagali24
Copy link

Did you enable all these in your BIOS settings before you install host kernel.

CBS -> CPU Common ->

SEV-ES ASID space limit -> 100

SNP Memory Coverage -> Enabled

SMEE -> Enabled

-> NBIO common ->

SEV-SNP -> Enabled

If you still not see these messages from your host, you can try compile kernel using script.
sudo dmesg | grep SEV
[ 0.000000] SEV-SNP: RMP table physical range [0x000000bf8d200000 - 0x000000c04d7fffff]
[ 22.544585] ccp 0000:03:00.5: SEV API:1.55 build:24
[ 22.544597] ccp 0000:03:00.5: SEV-SNP API:1.55 build:24
[ 22.563664] kvm_amd: SEV enabled (ASIDs 100 - 1006)
[ 22.563666] kvm_amd: SEV-ES enabled (ASIDs 1 - 99)
[ 22.563667] kvm_amd: SEV-SNP enabled (ASIDs 1 - 99)

HOST kernel build script.

set -eux

VER="-snp-host"
COMMIT=$(git log --format="%h" -1 HEAD)

cp /boot/config-$(uname -r) .config
./scripts/config --set-str LOCALVERSION "$VER-$COMMIT"
./scripts/config --disable LOCALVERSION_AUTO
./scripts/config --enable DEBUG_INFO
./scripts/config --enable DEBUG_INFO_REDUCED
./scripts/config --enable EXPERT
./scripts/config --enable AMD_MEM_ENCRYPT
./scripts/config --disable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
./scripts/config --enable KVM_AMD_SEV
./scripts/config --module CRYPTO_DEV_CCP_DD
./scripts/config --disable SYSTEM_TRUSTED_KEYS
./scripts/config --disable SYSTEM_REVOCATION_KEYS
./scripts/config --module SEV_GUEST
./scripts/config --disable IOMMU_DEFAULT_PASSTHROUGH

yes "" | make olddefconfig

make -j$(nproc) LOCAL_VERSION=
sudo make -j$(nproc) modules_install
sudo make -j$(nproc) install

@pegahnikbakht
Copy link
Author

pegahnikbakht commented Jul 11, 2024

@ramagali24 I have the bios settings enabled and previously I had a kernel 6.9 with SNP which worked fine, but I tired to install SVSM (downgrade to kernel 6.8) even with the script that you provided above, but still SNP is not enabled.
I get the following error or warning:

sudo dmesg | grep SEV

[   16.294186] ccp 0000:47:00.1: SEV API:1.55 build:17
[   16.332809] kvm_amd: SEV enabled (ASIDs 100 - 509)
[   16.332810] kvm_amd: SEV-ES enabled (ASIDs 1 - 99)
sudo dmesg | grep sev
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-6.8.0-rc6-snp-host-d206a76d7d27 root=UUID=8368bb81-e86c-4e21-a51d-8a39b7b503ed ro nomodeset console=tty0 console=ttyS1,115200n8 modprobe.blacklist=btrfs mem_encrypt=on kvm_amd.sev=1
[    0.082135] Kernel command line: BOOT_IMAGE=/vmlinuz-6.8.0-rc6-snp-host-d206a76d7d27 root=UUID=8368bb81-e86c-4e21-a51d-8a39b7b503ed ro nomodeset console=tty0 console=ttyS1,115200n8 modprobe.blacklist=btrfs mem_encrypt=on kvm_amd.sev=1
[   16.219512] ccp 0000:47:00.1: sev enabled
[   16.309452] kvm_amd: unknown parameter 'sev-snp' ignored

@pegahnikbakht
Copy link
Author

This is what I get with kernel 6.9 that I had before:

 sudo dmesg | grep SEV
[    0.000000] SEV-SNP: RMP table physical range [0x0000000097f00000 - 0x00000000a84fffff]
[   17.031219] ccp 0000:47:00.1: SEV API:1.55 build:17
[   17.038573] ccp 0000:47:00.1: SEV-SNP API:1.55 build:17
[   17.084122] kvm_amd: SEV enabled (ASIDs 100 - 509)
[   17.099101] kvm_amd: SEV-ES enabled (ASIDs 1 - 99)
[   17.099102] kvm_amd: SEV-SNP enabled (ASIDs 1 - 99)

@roy-hopkins
Copy link
Collaborator

Which branch are you using? It should be: https://github.com/coconut-svsm/linux/tree/svsm.

@pegahnikbakht
Copy link
Author

@roy-hopkins Yes I'm using this branch https://github.com/coconut-svsm/linux/tree/svsm I tried main and some of the releases, same issue.

@rnldourado
Copy link

I have the same problem, I'm the SNP enabled in the BIOS and using the kernel host at the SVSM branch, but in the dmesg output we can see only SEV and SEV-ES enabled.

@rnldourado
Copy link

@pegahnikbakht So I found a solution to this problem, you need to upgrade the SEV firmware, to do this follow the instructions in this link: https://github.com/AMDESE/AMDSEV/tree/snp-latest?tab=readme-ov-file#upgrade-sev-firmware
I hope to help!

@pegahnikbakht
Copy link
Author

@rnldourado Thanks, will try that!

@pegahnikbakht
Copy link
Author

pegahnikbakht commented Sep 2, 2024

I'm getting this error now:
The host kenerl is 6.8.0-snp-host-bc4de28e0cc1+

[   17.316107] kvm_amd: SEV enabled (ASIDs 100 - 509)
[   17.316109] kvm_amd: SEV-ES enabled (ASIDs 1 - 99)
[   17.316110] kvm_amd: SEV-SNP enabled (ASIDs 1 - 99)
[   55.775887] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[   70.668578] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[   83.668449] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[   95.652849] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[  108.672256] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[  123.693292] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[  136.646189] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[  149.656732] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[  164.666443] kvm_amd: SEV-SNP requires private memory support via guest_memfd.

any idea?

@Freax13
Copy link
Contributor

Freax13 commented Sep 2, 2024

I'm getting this error now: The host kenerl is 6.8.0-snp-host-bc4de28e0cc1+

[   17.316107] kvm_amd: SEV enabled (ASIDs 100 - 509)
[   17.316109] kvm_amd: SEV-ES enabled (ASIDs 1 - 99)
[   17.316110] kvm_amd: SEV-SNP enabled (ASIDs 1 - 99)
[   55.775887] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[   70.668578] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[   83.668449] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[   95.652849] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[  108.672256] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[  123.693292] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[  136.646189] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[  149.656732] kvm_amd: SEV-SNP requires private memory support via guest_memfd.
[  164.666443] kvm_amd: SEV-SNP requires private memory support via guest_memfd.

any idea?

Did you use the patched QEMU mentioned in the docs?

@pegahnikbakht
Copy link
Author

pegahnikbakht commented Sep 2, 2024

I'm following this doc installation guide , and I get the error before building the Qemu, not in that step yet! I got the error in preparing the host.

@Freax13
Copy link
Contributor

Freax13 commented Sep 2, 2024

Fair enough. Try enabling the CONFIG_KVM_PRIVATE_MEM config option for the kernel.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants