Here is a list of the software versions that we have confirmed to work.
AMD uses https://github.com/AMDESE to host the software stack for SEV. The snp-(host)-latest branch contains the latest version of the software for SEV-SNP. Note that AMD sometimes force-pushes to these repositories, removing the previous commits. Therefore, we use forked versions to track changes. A branch name such as "snp-latest-20231110" means that the branch is a snapshot of the snp-latest branch on that date.
| host kernel version | linux | ovmf | qemu |
|---|---|---|---|
| 6.10.0-rc7 | kvm-next-20240717 | snp-latest-20240510 | snp-latest-20240515 |
| 6.9.0-rc7 | snp-host-latest-20240514 | snp-latest-20240510 | snp-latest-20240515 |
| 6.8.0-rc5 | snp-host-latest-20240221 | snp-latest-20231110 | snp-latest-20240221 |
| 6.6.0-rc1 | snp-host-latest-20231117 | snp-latest-20231110 | snp-latest-20240221 |
Note
- Kernel versions 6.9 and later have a memory performance issue by default because 2MB THP is disabled: see AMDESE/AMDSEV#225
- In short, run `echo 1 > /sys/module/kvm/parameters/gmem_2m_enabled` if applicable (or add `gmem_2m_enabled=1` to the kernel boot parameters)
- Different software versions might require different qemu command line options
- The current master branch is for the 6.9 kernel (this would work for 6.10 as well)
- You can check the following branches for the older versions. Each branch has a nix configuration to build the software for that version, as well as a proper qemu command line to boot a SNP VM (see `get_snp_direct_qemu_cmd()` in `tasks/vm.py` for the QEMU command line)
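A pre-flight check for the 2MB THP issue described in the note above, as an added example that is not part of this page or the AMDESE tree: it gates on the kernel version and reads the `gmem_2m_enabled` parameter. It assumes the parameter is a kvm module bool (sysfs shows `Y`/`N`; `1`/`0` are accepted too since that is what the echo in the note writes), and takes the kernel version and parameter path as arguments so it can be run against constructed inputs.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: pre-flight check for the 2MB THP
# performance issue on SEV-SNP hosts running kernel 6.9 or later.
# Assumption: gmem_2m_enabled is a kvm module bool, so sysfs shows Y/N; 1/0
# are accepted too since that is what the echo in the note writes.

# kver_ge A B: succeed if version A (e.g. 6.10.0-rc7) is >= B on major.minor
kver_ge() {
  local a=${1%%-*} b=${2%%-*} amaj amin bmaj bmin
  amaj=${a%%.*}; amin=${a#*.}; amin=${amin%%.*}
  bmaj=${b%%.*}; bmin=${b#*.}; bmin=${bmin%%.*}
  if [ "$amaj" -gt "$bmaj" ]; then return 0; fi
  if [ "$amaj" -eq "$bmaj" ] && [ "$amin" -ge "$bmin" ]; then return 0; fi
  return 1
}

# gmem_2m_state FILE: print enabled, disabled, missing or unknown(<value>)
gmem_2m_state() {
  local f=$1 v=
  [ -r "$f" ] || { echo missing; return 0; }
  read -r v < "$f" || true   # sysfs values end with a newline; tolerate none
  case "$v" in
    Y|y|1) echo enabled ;;
    N|n|0) echo disabled ;;
    *)     echo "unknown($v)" ;;
  esac
}

# snp_host_preflight [KERNEL_VERSION] [PARAM_FILE]
# exit 0: nothing to do, 1: 2MB gmem disabled on an affected kernel,
# exit 2: parameter not readable on an affected kernel
snp_host_preflight() {
  local kver=${1:-$(uname -r)}
  local f=${2:-/sys/module/kvm/parameters/gmem_2m_enabled}
  if ! kver_ge "$kver" 6.9.0; then
    echo "kernel $kver: not affected by the 2MB THP issue"
    return 0
  fi
  case "$(gmem_2m_state "$f")" in
    enabled)  echo "kernel $kver: 2MB gmem enabled"; return 0 ;;
    disabled) echo "kernel $kver: 2MB gmem disabled; fix with: echo 1 > $f" \
                   "(or gmem_2m_enabled=1 on the kernel command line)"; return 1 ;;
    *)        echo "kernel $kver: cannot read $f; is the SNP kvm module loaded?"; return 2 ;;
  esac
}
```

Run `snp_host_preflight` with no arguments on the host itself; a non-zero exit means the workaround from the note still needs to be applied.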
- Intel summarizes TDX software information here.
- Also, Canonical summarizes information on TDX on Ubuntu here.
- Using Ubuntu would make life easier in most cases
| host kernel version | linux | ovmf | qemu |
|---|---|---|---|
| 6.8.0-rc1 | kvm-upstream-next-20240122 | TDVF-20240105 | tdx-qemu-next-20231208 |
- Software stack: https://github.com/canonical/tdx/tree/mantic-23.10
- Host: Linux 6.5.0-10003-intel-opt
- Guest: Linux 6.7 (mainline)
- OVMF: 2023.05-2+tdx1.0
- Also works: edk2-staging/TDVF (c229fca)
- QEMU: 8.0.4 (Debian 1:8.0.4+dfsg-1ubuntu3+tdx1.0)
- Repo: https://code.launchpad.net/~kobuk-team/ubuntu/+source/qemu/+git/qemu/+ref/tdx
- I also tried several versions of intel-staging/qemu-tdx but none of them work with the kernel
- Create a recipe file (see the bottom of https://code.launchpad.net/~kobuk-team/+recipe/tdx-qemu-mantic)

  ```
  % cat qemu.recipe
  # git-build-recipe format 0.4 deb-version {debversion}+tdx.{time}
  lp:ubuntu/+source/qemu ubuntu/mantic
  merge backport lp:~kobuk-team/ubuntu/+source/qemu tdx
  ```
- Clone the repository using `git-build-recipe`

  ```sh
  % sudo apt install git-build-recipe
  % git-build-recipe --allow-fallback-to-native --no-build qemu.recipe build
  ```
- Build

  ```sh
  % nix develop nixpkgs#qemu
  % cd ./build/qemu
  % mkdir ./build
  % cd build
  % ../configure --target-list=x86_64-softmmu --enable-kvm --firmwarepath=/usr/share/qemu:/usr/share/seabios:/usr/lib/ipxe/qemu --disable-install-blobs
  % make -j$(nproc)
  # XXX: for some reason, `--firmwarepath` does not work,
  # so copy the necessary rom files into the directory where you run qemu-system-x86_64
  % cp /usr/share/qemu/kvmvapic.bin .
  % cp /usr/share/qemu/linuxboot_dma.bin .
  % cp /usr/lib/ipxe/qemu/efi-virtio.rom .
  ```
- See ./tdx.md