mirror of
https://github.com/google/alioth.git
synced 2024-12-01 04:28:20 +00:00
f88f290ab9
Signed-off-by: Changyuan Lyu <changyuanl@google.com>
1.2 KiB
Confidential Compute (coco)
Alioth supports booting confidential guests on the following platforms:
- AMD-SEV [1]
AMD-SEV guest with Oak/Stage0 firmware
WARNING: the current implementation takes QEMU [2] as a reference and should be used in testing environments only.
To launch an SEV guest,
- build the stage0 firmware from the Oak project [3],
- prepare the guest Linux kernel of ELF format, the initramfs, and the kernel command line in a text file,
- for SEV guests, `POLICY=0x1`, for SEV-ES guests, `POLICY=0x5`,
- launch the guest by

```sh
./alioth run -f /path/to/oak_stage0.bin \
    --mem-size 1G \
    --num-cpu 2 \
    --fw-cfg name=opt/stage0/elf_kernel,file=/path/to/elf_kernel \
    --fw-cfg name=opt/stage0/initramfs,file=/path/to/initramfs \
    --fw-cfg name=opt/stage0/cmdline,file=/path/to/cmdline.txt \
    --coco sev,policy=$POLICY
```
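
The two `POLICY` values above differ only in the ES bit, so it is worth decoding the value before passing it to `--coco sev,policy=...`. The shell functions below are an added example, not part of Alioth: the bit names follow the guest policy layout in the AMD SEV API specification, while the function names, the `sev`/`sev-es` mode argument, and the rule that debugging must be disallowed are assumptions of this example.

```sh
#!/bin/sh
# Added example (not Alioth code): decode and sanity-check an SEV guest policy.
# Bits 0-5 per the AMD SEV API specification; bits 6-15 are reserved.

# Print the names of the policy flags set in $1 (e.g. 0x5 -> "NODBG ES").
sev_policy_flags() {
    p=$(( $1 )); out=""; bit=0
    for name in NODBG NOKS ES NOSEND DOMAIN SEV; do
        if [ $(( (p >> bit) & 1 )) -eq 1 ]; then out="$out $name"; fi
        bit=$(( bit + 1 ))
    done
    echo "${out# }"
}

# sev_policy_check MODE POLICY
# MODE is "sev" or "sev-es" (names chosen for this example).
# Returns 0 only if debugging is disallowed, no reserved bit is set,
# and the ES bit matches the intended guest type.
sev_policy_check() {
    mode=$1; p=$(( $2 ))
    if [ $(( p & 0x1 )) -eq 0 ]; then
        echo "policy allows guest debugging (NODBG clear)" >&2; return 1
    fi
    if [ $(( p & 0xffc0 )) -ne 0 ]; then
        echo "reserved policy bits 6-15 are set" >&2; return 1
    fi
    es=$(( (p >> 2) & 1 ))
    case "$mode" in
        sev)    [ "$es" -eq 0 ] || { echo "ES bit set for a plain SEV guest" >&2; return 1; } ;;
        sev-es) [ "$es" -eq 1 ] || { echo "ES bit clear for an SEV-ES guest" >&2; return 1; } ;;
        *)      echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    return 0
}

# The two values used in the steps above.
for POLICY in 0x1 0x5; do
    echo "$POLICY: $(sev_policy_flags "$POLICY")"
done
```
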