Support for SEV-SNP in guest VMs

Hi @piers, regarding your previous question about Secure Boot—I haven't set it up myself, but I believe it's doable. The main caveat is that Secure Boot must be configured offline since OVMF.fd is volatile.
 
pipo said:
In any case, I opted to proceed with 202411, which allowed me to run SNP VMs—provided that OVMF was compiled without SECURE_BOOT_ENABLE and SMM_REQUIRE. The same applied when running SEV-ES VMs.
Click to expand...
Oh thanks, that's good to know. If this is correct, I think we would need to build a separate firmware without SECURE_BOOT_ENABLE and SMM_REQUIRE to enable SEV-ES and SEV-SNP. That is, use this separate firmware with the `-bios` parameter only when SEV-ES and SEV-SNP are enabled.
 
Last edited:
You must log in or register to reply here.
Top Bottom