On Fri, Jun 21, 2024 at 03:29:12PM +0100, Roy Hopkins wrote: > IGVM support has been implemented for Confidential Guests that support > AMD SEV and AMD SEV-ES. Add some documentation that gives some > background on the IGVM format and how to use it to configure a > confidential guest. > > Signed-off-by: Roy Hopkins <roy.hopk...@suse.com> > --- > docs/system/i386/amd-memory-encryption.rst | 2 + > docs/system/igvm.rst | 157 +++++++++++++++++++++ > docs/system/index.rst | 1 + > 3 files changed, 160 insertions(+) > create mode 100644 docs/system/igvm.rst
> diff --git a/docs/system/igvm.rst b/docs/system/igvm.rst > new file mode 100644 > index 0000000000..b6e544a508 > --- /dev/null > +++ b/docs/system/igvm.rst > +Running a Confidential Guest configured using IGVM > +-------------------------------------------------- > + > +To run a confidential guest configured with IGVM you need to add an > +``igvm-cfg`` object and refer to it from the ``-machine`` parameter: > + > +Example (for AMD SEV):: > + > + qemu-system-x86_64 \ > + <other parameters> \ > + -machine ...,confidential-guest-support=sev0,igvm-cfg=igvm0 \ > + -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1 \ > + -object igvm-cfg,id=igvm0,file=/path/to/guest.igvm Perhaps also illustrate use of your 'buildigvm' tool for creating the igvm file first, assuming that's the tool users are most likely to end up needing ? With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|