diff --git a/images/src/png/vm_security_xml_launchsecurity.png b/images/src/png/vm_security_xml_launchsecurity.png new file mode 100644 index 0000000000..39891c1974 Binary files /dev/null and b/images/src/png/vm_security_xml_launchsecurity.png differ diff --git a/images/src/png/vm_security_xml_os.png b/images/src/png/vm_security_xml_os.png new file mode 100644 index 0000000000..6be0f0c042 Binary files /dev/null and b/images/src/png/vm_security_xml_os.png differ diff --git a/xml/vm_security.xml b/xml/vm_security.xml index 8a5ae87b24..9358de6857 100644 --- a/xml/vm_security.xml +++ b/xml/vm_security.xml @@ -111,7 +111,7 @@ The confidential compute module provides replacement packages supporting AMD SEV Launching an AMD SEV-SNP virtual machine -You can run AMD SEV-SNP protected virtual machines using the &libvirt; framework once the confidential computing kernel is booted and the AMD Security Processor is initialized. +You can run AMD SEV-SNP protected virtual machines using the &libvirt; framework once the confidential computing kernel is booted and the AMD Secure Processor is initialized. &libvirt; has several ways of setting up new virtual machines, this document uses a prepared disk image and the virt-manager graphical user interface. Connect virt-manager to the AMD EPYC host and create a new virtual machine. @@ -153,18 +153,32 @@ You can run AMD SEV-SNP protected virtual machines using the &libvirt; framework To protect the virtual machine with AMD SEV-SNP, set the correct firmware by modifying the os section as given below: - -<os> -<type arch="x86_64" machine="pc-q35-8.2">hvm /type> -<loader readonly="yes" type="rom">/usr/share/qemu/ovmf-x86_64-sev.bin /loader> -<boot dev="hd"/> -/os> +
+ Set firmware + + + + + + + + +
The loader line sets the firmware to the SEV version of OVMF.
Add a launchSecurity section. For AMD SEV-SNP, the section looks like this: -<launchSecurity type="sev-snp"> -<policy>0x00030000</policy> -</launchSecurity> +
+ launchSecurity + + + + + + + + +
+ Click Apply and then click the Details tab.
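
Review bot: In the `@@ -111,7 +111,7` hunk of xml/vm_security.xml, the rename to "AMD Secure Processor" is applied to this one sentence only. Please check the rest of the file for remaining uses of "AMD Security Processor" so the term stays consistent. While touching this paragraph, the next context line ("&libvirt; has several ways of setting up new virtual machines, this document uses a prepared disk image ...") is a comma splice and could be split into two sentences.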
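
Review bot: In the `@@ -153,18 +153,32` hunk, the copyable `<os>` and `<launchSecurity type="sev-snp">` listings are removed and only the figures titled "Set firmware" and "launchSecurity" take their place. The loader path `/usr/share/qemu/ovmf-x86_64-sev.bin` and the policy value `0x00030000` can then no longer be copied or searched and have to be retyped from a screenshot. Since these two settings are what the procedure relies on to protect the VM with AMD SEV-SNP, a typo here is easy to make and hard to notice. I would keep the text listing next to each figure, or give each figure a text alternative carrying the same XML. Two smaller points: the sentence "The loader line sets the firmware to the SEV version of OVMF." now refers to a line that exists only inside the image, and a screenshot also freezes `machine="pc-q35-8.2"`, which needs a new capture whenever the machine type changes.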