Skip to content

Commit

Permalink
Fixed editorial comments.
Browse files Browse the repository at this point in the history
  • Loading branch information
@harneshalaka
harneshalaka committed Sep 26, 2024
1 parent 3f381f2 commit 30d6ca8
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 10 deletions.
Binary file added images/src/png/vm_security_xml_launchsecurity.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added images/src/png/vm_security_xml_os.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
34 changes: 24 additions & 10 deletions xml/vm_security.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ The confidential compute module provides replacement packages supporting AMD SEV
<sect1 xml:id="vm-launch-amd-sv-snp-vm">
<title>Launching an AMD SEV-SNP virtual machine</title>
<para>
You can run AMD SEV-SNP protected virtual machines using the &libvirt; framework once the confidential computing kernel is booted and the AMD Security Processor is initialized.</para>
You can run AMD SEV-SNP protected virtual machines using the &libvirt; framework once the confidential computing kernel is booted and the AMD Secure Processor is initialized.</para>
<para>&libvirt; has several ways of setting up new virtual machines, this document uses a prepared disk image and the virt-manager graphical user interface.</para>
<procedure>
<step><para>Connect virt-manager to the AMD EPYC host and create a new virtual machine.</para></step>
Expand Down Expand Up @@ -153,18 +153,32 @@ You can run AMD SEV-SNP protected virtual machines using the &libvirt; framework
<step>
<para>
To protect the virtual machine with AMD SEV-SNP, set the correct firmware by modifying the <literal>os</literal> section as given below:</para>
<screen>
&lt;os&gt;
&lt;type arch="x86_64" machine="pc-q35-8.2"&gt;hvm /type&gt;
&lt;loader readonly="yes" type="rom"&gt;/usr/share/qemu/ovmf-x86_64-sev.bin /loader&gt;
&lt;boot dev="hd"/&gt;
/os&gt; </screen>
<figure>
<title>Set firmware</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="vm_security_xml_os.png" width="75%"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="vm_security_xml_os.png" width="75%"/>
</imageobject>
</mediaobject>
</figure>
<para>The <literal>loader</literal> line sets the firmware to the SEV version of OVMF.</para>
</step>
<step><para>Add a <literal>launchSecurity</literal> section. For AMD SEV-SNP, the section looks like this:</para>
<screen>&lt;launchSecurity type="sev-snp"&gt;
&lt;policy&gt;0x00030000&lt;/policy&gt;
&lt;/launchSecurity&gt;</screen></step>
<figure>
<title>launchSecurity</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="vm_security_xml_launchsecurity.png" width="75%"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="vm_security_xml_launchsecurity.png" width="75%"/>
</imageobject>
</mediaobject>
</figure>
</step>
<step>
<para>Click <guilabel>Apply</guilabel> and then click the <guilabel>Details</guilabel> tab.</para>
</step>
Expand Down

0 comments on commit 30d6ca8

Please sign in to comment.