mirrors/alioth
1
0
Fork 0
mirror of https://github.com/google/alioth.git synced 2024-10-23 15:00:13 +00:00
Code Issues Projects Releases Packages Wiki Activity
alioth/docs/coco.md
Changyuan Lyu f88f290ab9 docs(sev): boot AMD-SEV guests with Oak/Stage0 
Signed-off-by: Changyuan Lyu <changyuanl@google.com>
2024-05-22 23:10:49 -07:00

1.2 KiB
Raw Blame History

Confidential Compute (coco)

Alioth supports booting confidential guests on the following platforms:

  • AMD-SEV 1

AMD-SEV guest with Oak/Stage0 firmware

WARNING: the current implementation takes QEMU 2 as a reference and should be used in testing environments only.

To launch an SEV guest,

  1. build the stage0 firmware from the Oak project3,
  2. prepare the guest Linux kernel of ELF format, the initramfs, and the kernel command line in a text file,
  3. for SEV guests, POLICY=0x1, for SEV-ES guests, POLICY=0x5,
  4. launch the guest by 
    ./alioth run -f /path/to/oak_stage0.bin \
    --mem-size 1G \
    --num-cpu 2 \
    --fw-cfg name=opt/stage0/elf_kernel,file=/path/to/elf_kernel \
    --fw-cfg name=opt/stage0/initramfs,file=/path/to/initramfs \
    --fw-cfg name=opt/stage0/cmdline,file=/path/to/cmdline.txt \
    --coco sev,policy=$POLICY