[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Description changed: [ Impact ] * On the Plucky release, the launch of SNP QEMU VM with SNP measurement boot option fails due to the absence of OVMF amdsev file in the OVMF package * Plucky OVMF package requires the integration of the AMD SEV firmware file "OVMF.amdsev.fd", to enable support for SEV-secured VM remote attestation and secret injection. * This upload fixes this by adopting the d/rules file according to the build instructions from comment #2, for creating an additional - "OCMF.amdsev.fd" file. + "OVMF.amdsev.fd" file. [ Test Plan ] - * Use hardware that supports AMD SEV-SNP features, e.g.: AMD EPYC 9654 + * Use hardware that supports AMD SEV-SNP features, e.g.: AMD EPYC 9654 96-Core Processor - Jul 17 09:22:29 hoodin kernel: SEV-SNP: RMP table physical range [0x0d50 - 0x4ddf] - Jul 17 09:22:29 hoodin kernel: SEV-SNP: Reserving start/end of RMP table on a 2MB boundary [0x0d40] - Jul 17 09:22:30 hoodin kernel: ccp :01:00.5: sev enabled - Jul 17 09:22:36 hoodin kernel: ccp :01:00.5: SEV API:1.55 build:40 - Jul 17 09:22:36 hoodin kernel: ccp :01:00.5: SEV-SNP API:1.55 build:40 - Jul 17 09:22:36 hoodin kernel: kvm_amd: SEV enabled (ASIDs 10 - 1006) - Jul 17 09:22:36 hoodin kernel: kvm_amd: SEV-ES enabled (ASIDs 1 - 9) - Jul 17 09:22:36 hoodin kernel: kvm_amd: SEV-SNP enabled (ASIDs 1 - 9) - + Jul 17 09:22:29 hoodin kernel: SEV-SNP: RMP table physical range [0x0d50 - 0x4ddf] + Jul 17 09:22:29 hoodin kernel: SEV-SNP: Reserving start/end of RMP table on a 2MB boundary [0x0d40] + Jul 17 09:22:30 hoodin kernel: ccp :01:00.5: sev enabled + Jul 17 09:22:36 hoodin kernel: ccp :01:00.5: SEV API:1.55 build:40 + Jul 17 09:22:36 hoodin kernel: ccp :01:00.5: SEV-SNP API:1.55 build:40 + Jul 17 09:22:36 hoodin kernel: kvm_amd: SEV enabled (ASIDs 10 - 1006) + Jul 17 09:22:36 hoodin kernel: kvm_amd: SEV-ES enabled (ASIDs 1 - 9) + Jul 17 09:22:36 hoodin kernel: kvm_amd: SEV-SNP enabled (ASIDs 1 - 9) * Launch a QEMU quest, using: - - image: https://cloud-images.ubuntu.com/releases/plucky/release-20250701/ubuntu-25.04-server-cloudimg-amd64.img - - kernel: 6.14.0-23-generic (https://cloud-images.ubuntu.com/releases/plucky/release-20250701/unpacked/ubuntu-25.04-server-cloudimg-amd64-vmlinuz-generic) + - image: https://cloud-images.ubuntu.com/releases/plucky/release-20250701/ubuntu-25.04-server-cloudimg-amd64.img + - kernel: 6.14.0-23-generic (https://cloud-images.ubuntu.com/releases/plucky/release-20250701/unpacked/ubuntu-25.04-server-cloudimg-amd64-vmlinuz-generic) sudo qemu-system-x86_64 \ - -enable-kvm \ - -nographic \ - -cpu EPYC-v4 \ - -machine q35 \ - -smp 6 \ - -m 6G \ - -machine memory-encryption=sev0,vmport=off \ - -object memory-backend-memfd,id=ram1,size=6G,share=true,prealloc=false \ - -machine memory-backend=ram1 \ - -object sev-snp-guest,id=sev0,policy=0x3,cbitpos=51,reduced-phys-bits=5,kernel-hashes=on \ - -kernel "$VMLINUZ" \ - -append "root=/dev/vda1 console=ttyS0" \ - -drive "if=virtio,format=qcow2,file=$IMAGE" \ - -drive "if=virtio,format=raw,file=cloud-init.img" \ - -bios /usr/share/ovmf/OVMF.amdsev.fd \ - -net nic,model=e1000 -net user,hostfwd=tcp::-:22 + -enable-kvm \ + -nographic \ + -cpu EPYC-v4 \ + -machine q35 \ + -smp 6 \ + -m 6G \ + -machine memory-encryption=sev0,vmport=off \ + -object memory-backend-memfd,id=ram1,size=6G,share=true,prealloc=false \ + -machine memory-backend=ram1 \ + -object sev-snp-guest,id=sev0,policy=0x3,cbitpos=51,reduced-phys-bits=5,kernel-hashes=on \ + -kernel "$VMLINUZ" \ + -append "root=/dev/vda1 console=ttyS0" \ + -drive "if=virtio,format=qcow2,file=$IMAGE" \ + -drive "if=virtio,format=raw,file=cloud-init.img" \ + -bios /usr/share/ovmf/OVMF.amdsev.fd \ + -net nic,model=e1000 -net user,hostfwd=tcp::-:22 * Inside the guest, confirm AMD SEV-SNP got activated and the character device created after inserting the "sev-snp" module: - Jul 17 10:09:21 ubuntu kernel: Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP - Jul 17 10:09:21 ubuntu kernel: SEV: Status: SEV SEV-ES SEV-SNP + Jul 17 10:09:21 ubuntu kernel: Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP + Jul 17 10:09:21 ubuntu kernel: SEV: Status: SEV SEV-ES SEV-SNP - ubuntu@ubuntu:~$ sudo modprobe sev-guest - ubuntu@ubuntu:~$ ls /dev/sev-guest - /dev/sev-guest + ubuntu@ubuntu:~$ sudo modprobe sev-guest + ubuntu@ubuntu:~$ ls /dev/sev-guest + /dev/sev-guest [ Where problems could occur ] - * we're modifying the d/rules Makefile, to create a new, independent + * we're modifying the d/rules
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
In Noble the qemu side does not have -snp yet, that was added in 9.1 - hence for Noble this is a won't fix. We un-duplicated the other case asking for these builds but for -es which was available back then. ** Changed in: edk2 (Ubuntu Noble) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Also affects: edk2 (Ubuntu Noble) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
I've now prepared the same change for Noble, too, utilizing the same PPA. MP: https://code.launchpad.net/~slyon/ubuntu/+source/edk2/+git/edk2/+merge/492688 PPA: https://launchpad.net/~slyon/+archive/ubuntu/lp-2106771-libvirt-amdsev-ovmf -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Merge proposal linked: https://code.launchpad.net/~slyon/ubuntu/+source/edk2/+git/edk2/+merge/492688 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Changed in: edk2 (Debian) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
FTR: This got accepted/merged in Debian, too: https://salsa.debian.org/qemu-team/edk2/-/merge_requests/20 As of edk2 2025.02-9 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
Doc updates around SEV-SNP: https://github.com/canonical/ubuntu-server- documentation/pull/344 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
This bug was fixed in the package edk2 - 2025.02-3ubuntu2.1 --- edk2 (2025.02-3ubuntu2.1) plucky; urgency=medium * d/rules: Build OVMF.amdsev.fd (LP: #2106771) * d/descriptors: Add amd-sev JSON * d/ovmf.README.Debian: Mention OVMF.amdsev.fd firmware -- Lukas Märdian Wed, 30 Jul 2025 10:00:21 +0200 ** Changed in: edk2 (Ubuntu Plucky) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
I installed the OVMF package from plucky-proposed: ovmf/plucky-proposed,now 2025.02-3ubuntu2.1 all [installed,automatic] and ran a similar command as before: sudo qemu-system-x86_64 \ -enable-kvm \ -nographic \ -snapshot \ -cpu EPYC-v4 \ -machine q35 \ -smp 6 \ -m 6G \ -machine memory-encryption=sev0,vmport=off \ -object memory-backend-memfd,id=ram1,size=6G,share=true,prealloc=false \ -machine memory-backend=ram1 \ -object sev-snp-guest,id=sev0,policy=0x3,cbitpos=51,reduced-phys-bits=1,kernel-hashes=on \ -kernel "$VMLINUZ" \ -append "root=/dev/vda1 console=ttyS0" \ -drive "if=virtio,format=qcow2,file=$IMAGE" \ -drive "if=virtio,format=raw,file=cloud-init.img" \ -bios /usr/share/ovmf/OVMF.amdsev.fd \ -net nic,model=e1000 -net user,hostfwd=tcp::-:22 I verified that the VM was booting as expected and once on the guest, I verified that SEV-SNP was correctly marked as enabled in the logs: Aug 20 08:12:55 ubuntu kernel: Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP Aug 20 08:12:55 ubuntu kernel: SEV: Status: SEV SEV-ES SEV-SNP Aug 20 08:12:55 ubuntu kernel: SEV: Using SNP CPUID table, 29 entries present. Aug 20 08:12:55 ubuntu kernel: SEV: SNP running at VMPL0. Aug 20 08:12:55 ubuntu kernel: SEV: SNP guest platform device initialized. I also verified that I was able to load the sev-guest module: $ ls /dev/sev-guest /dev/sev-guest ** Tags removed: verification-needed verification-needed-plucky ** Tags added: verification-done verification-done-plucky -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
All the failures from the comment above were intermittent infrastructure failures and are resolved now by re-triggering. We'll be working on the manual SRU verification according to the [Test Plan] from the bug description, too. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
Hello Harika, or anyone else affected, Accepted edk2 into plucky-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/edk2/2025.02-3ubuntu2.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- plucky to verification-done-plucky. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-plucky. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: edk2 (Ubuntu Plucky) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-plucky -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
Uploaded into Plucky unapproved. ** Changed in: edk2 (Ubuntu Plucky) Assignee: (unassigned) => Lukas Märdian (slyon) ** Changed in: edk2 (Ubuntu Plucky) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Description changed: - On the plucky release, the launch of SNP QEMU VM with SNP measurement + [ Impact ] + + * On the Plucky release, the launch of SNP QEMU VM with SNP measurement boot option fails due to the absence of OVMF amdsev file in the OVMF - plucky ubuntu package + package - Plucky OVMF package requires the integration of the AMD SEV firmware - file,OVMF.amdsev.fd, to enable support for SEV-secured VM remote + * Plucky OVMF package requires the integration of the AMD SEV firmware + file "OVMF.amdsev.fd", to enable support for SEV-secured VM remote attestation and secret injection. + + * This upload fixes this by adopting the d/rules file according to the + build instructions from comment #2, for creating an additional + "OCMF.amdsev.fd" file. + + [ Test Plan ] + + * Use hardware that supports AMD SEV-SNP features, e.g.: AMD EPYC 9654 + 96-Core Processor + + Jul 17 09:22:29 hoodin kernel: SEV-SNP: RMP table physical range [0x0d50 - 0x4ddf] + Jul 17 09:22:29 hoodin kernel: SEV-SNP: Reserving start/end of RMP table on a 2MB boundary [0x0d40] + Jul 17 09:22:30 hoodin kernel: ccp :01:00.5: sev enabled + Jul 17 09:22:36 hoodin kernel: ccp :01:00.5: SEV API:1.55 build:40 + Jul 17 09:22:36 hoodin kernel: ccp :01:00.5: SEV-SNP API:1.55 build:40 + Jul 17 09:22:36 hoodin kernel: kvm_amd: SEV enabled (ASIDs 10 - 1006) + Jul 17 09:22:36 hoodin kernel: kvm_amd: SEV-ES enabled (ASIDs 1 - 9) + Jul 17 09:22:36 hoodin kernel: kvm_amd: SEV-SNP enabled (ASIDs 1 - 9) + + + * Launch a QEMU quest, using: + - image: https://cloud-images.ubuntu.com/releases/plucky/release-20250701/ubuntu-25.04-server-cloudimg-amd64.img + - kernel: 6.14.0-23-generic (https://cloud-images.ubuntu.com/releases/plucky/release-20250701/unpacked/ubuntu-25.04-server-cloudimg-amd64-vmlinuz-generic) + + sudo qemu-system-x86_64 \ + -enable-kvm \ + -nographic \ + -cpu EPYC-v4 \ + -machine q35 \ + -smp 6 \ + -m 6G \ + -machine memory-encryption=sev0,vmport=off \ + -object memory-backend-memfd,id=ram1,size=6G,share=true,prealloc=false \ + -machine memory-backend=ram1 \ + -object sev-snp-guest,id=sev0,policy=0x3,cbitpos=51,reduced-phys-bits=5,kernel-hashes=on \ + -kernel "$VMLINUZ" \ + -append "root=/dev/vda1 console=ttyS0" \ + -drive "if=virtio,format=qcow2,file=$IMAGE" \ + -drive "if=virtio,format=raw,file=cloud-init.img" \ + -bios /usr/share/ovmf/OVMF.amdsev.fd \ + -net nic,model=e1000 -net user,hostfwd=tcp::-:22 + + * Inside the guest, confirm AMD SEV-SNP got activated and the character + device created after inserting the "sev-snp" module: + + Jul 17 10:09:21 ubuntu kernel: Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP + Jul 17 10:09:21 ubuntu kernel: SEV: Status: SEV SEV-ES SEV-SNP + + ubuntu@ubuntu:~$ sudo modprobe sev-guest + ubuntu@ubuntu:~$ ls /dev/sev-guest + /dev/sev-guest + + [ Where problems could occur ] + + * we're modifying the d/rules Makefile, to create a new, independent + "OVMF.amdsev.fd" UEFI rom. + + * If anything goes wrong in d/rules, the package could FTBFS + + * Besides that the new 60-edk2-x86_64-amdsev.json could provide wrong + metadata which would make the new "OVMF.amdsev.fd" not be properly + autodetected. Any issues inside the "OVMF.amdsev.fd" rom itself should + be isolated to the specific AMD SEV-SNP usecase itself. + + [ Other Info ] + + * This got forwarded to Debian and got a preliminary +1 from dannf, but + wasn't merged, yet: https://salsa.debian.org/qemu- + team/edk2/-/merge_requests/20 + + * This was pre-tested to be functional in comment #10 below + + --- original bug report --- Currently, the SEV firmware necessary to support SEV Virtual Machine Remote Attestation is not available within the Ubuntu OVMF package. I attempted to execute an SNP QEMU measured boot using the OVMF file packaged with Ubuntu, but this endeavor was unsuccessful due to the provision of an invalid OVMF file within the Ubuntu OVMF package. Error message that I see using Ubuntu OVMF.fd(/usr/share/ovmf/OVMF.fd) as guest bios is as follows: qemu-system-x86_64: SEV: guest firmware hashes table area is invalid (base=0x0 size=0x0) QEMU commandline used for my SNP guest test launch on Plucky release is as follows: qemu-system-x86_64 \ - -enable-kvm \ - -cpu EPYC-v4 \ - -m 2048 \ - -nographic \ - -netdev user,hostfwd=tcp::10030-:22,id=vmnic \ - -device virtio-net-pci,disable-legacy=on,iommu_platform=true,netdev=vmnic,romfile= \ - -device virtio-scsi-pci,id=scsi0 \ - -device scsi-hd,drive=disk0 \ - -drive if=none,id=disk0,format=qcow2,file=/home/amd/os-guest-test/os-guest-test-guest.qcow2 \ - -machine memory-encryption=sev0,vmport=off \ - -object memory-backend-memfd,id=ram1,size=2048M,share=true,prealloc=false \ - -machine memo
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
This bug was fixed in the package edk2 - 2025.02-8ubuntu1 --- edk2 (2025.02-8ubuntu1) questing; urgency=medium * d/rules: Build OVMF.amdsev.fd (LP: #2106771) * d/descriptors: Add amd-sev JSON * d/ovmf.README.Debian: Mention OVMF.amdsev.fd firmware -- Lukas Märdian Wed, 11 Jun 2025 10:03:12 +0200 ** Changed in: edk2 (Ubuntu Questing) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Changed in: edk2 (Ubuntu Questing) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
I was able to confirm that the OVMF.amdsev.fd firmware works as expected on Plucky. ** SETUP ** Model name: AMD EPYC 9654 96-Core Processor SEV-SNP feature enabled: Jul 17 09:22:29 hoodin kernel: SEV-SNP: RMP table physical range [0x0d50 - 0x4ddf] Jul 17 09:22:29 hoodin kernel: SEV-SNP: Reserving start/end of RMP table on a 2MB boundary [0x0d40] Jul 17 09:22:30 hoodin kernel: ccp :01:00.5: sev enabled Jul 17 09:22:36 hoodin kernel: ccp :01:00.5: SEV API:1.55 build:40 Jul 17 09:22:36 hoodin kernel: ccp :01:00.5: SEV-SNP API:1.55 build:40 Jul 17 09:22:36 hoodin kernel: kvm_amd: SEV enabled (ASIDs 10 - 1006) Jul 17 09:22:36 hoodin kernel: kvm_amd: SEV-ES enabled (ASIDs 1 - 9) Jul 17 09:22:36 hoodin kernel: kvm_amd: SEV-SNP enabled (ASIDs 1 - 9) Host Packages: qemu-system-x86/plucky,now 1:9.2.1+ds-1ubuntu5 amd64 [installed] ovmf/plucky,now 2025.02-3ubuntu2.1~ppa2 all [installed,automatic] Host kernel: 6.14.0-24-generic Guest: image: https://cloud-images.ubuntu.com/releases/plucky/release-20250701/ubuntu-25.04-server-cloudimg-amd64.img kernel: 6.14.0-23-generic (https://cloud-images.ubuntu.com/releases/plucky/release-20250701/unpacked/ubuntu-25.04-server-cloudimg-amd64-vmlinuz-generic) ** Launch script ** sudo qemu-system-x86_64 \ -enable-kvm \ -nographic \ -cpu EPYC-v4 \ -machine q35 \ -smp 6 \ -m 6G \ -machine memory-encryption=sev0,vmport=off \ -object memory-backend-memfd,id=ram1,size=6G,share=true,prealloc=false \ -machine memory-backend=ram1 \ -object sev-snp-guest,id=sev0,policy=0x3,cbitpos=51,reduced-phys-bits=5,kernel-hashes=on \ -kernel "$VMLINUZ" \ -append "root=/dev/vda1 console=ttyS0" \ -drive "if=virtio,format=qcow2,file=$IMAGE" \ -drive "if=virtio,format=raw,file=cloud-init.img" \ -bios /usr/share/ovmf/OVMF.amdsev.fd \ -net nic,model=e1000 -net user,hostfwd=tcp::-:22 ** On the guest ** Logs: Jul 17 10:09:21 ubuntu kernel: Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP Jul 17 10:09:21 ubuntu kernel: SEV: Status: SEV SEV-ES SEV-SNP After inserting the sev-snp module, I can see the character device: ubuntu@ubuntu:~$ sudo modprobe sev-guest ubuntu@ubuntu:~$ ls /dev/sev-guest /dev/sev-guest ** Generate a test report ** Finally, I was able to generate a report on the guest using AMD's tool: https://github.com/virtee/snpguest (that we should probably package). ubuntu@ubuntu:~$ sudo ./snpguest report --random attestation-report.bin request-file.txt ubuntu@ubuntu:~$ sudo ./snpguest display report attestation-report.bin Attestation Report: Version: 3 Guest SVN:0 Guest Policy (0x3): ABI Major: 0 ABI Minor: 0 SMT Allowed: true Migrate MA:false Debug Allowed: false Single Socket: false Family ID: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Image ID: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 VMPL: 1 Signature Algorithm: 1 Current TCB: TCB Version: Microcode: 84 SNP: 23 TEE: 0 Boot Loader: 10 FMC: None Platform Info (39): SMT Enabled: true TSME Enabled: true ECC Enabled: true RAPL Disabled: false Ciphertext Hiding Enabled: false Alias Check Complete: true Key Information: author key enabled: false mask chip key: false signing key:vcek Report Data: 76 94 01 33 15 1B 6B 97 A6 4B 8F 35 DF 3D 4E 9A 8B DF 3E FF 6A 0D 17 87 73 8C 6F 6C D0 75 65 4F 49 10 E7 05 D7 87 61 D9 34 31 FC 9D 86 F0 B8 10 AB 76 DE E5 EB C8 B8 90 08 2B E4 E9 26 23 E0 67 Measurement: 1A DE 39 B1 13 F3 DC F6 EE F1 A8 C0 53 F8 1D C4 D4 07 19 50 15 C3 41 EF 25 CC B7 E5 60 6B 7B 2C DA 4A 30 35 4C 17 02 F4 5C 1C 3D 6C 59 BE 39 55 Host Data: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ID Key Digest: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Author Key Digest: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Report ID: 58 2C DF E2 63 6C A4 6E 7A 00 D3 E0 54 BE D4 45 0F 7D 9D 49 C0 B3 35 C3 91 6B 08 54 0A C0 94 0D Report ID Migration Agent: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF Reported TCB: TCB Version: Microcode: 84 SNP: 23 TEE: 0 Boot Loader: 10 FMC: None CPUID Family ID: 25 CPUID Model ID: 17 CPUID Stepping: 1 Chip ID: 2C 4E DA 5B E5 75 68 F3 47 6F 92 0B FA 63 44 16 8E A2 B6 D8 A5 74 C9 41 52 8B B7 E9 E3 64 8D 92 20 6F 68 F9 37 D3 99 6C DF 50 04 4A 6D DE 94 F7 AA F
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
To go ahead we need some confirmation at least. Dannf could not give us a review yet. Nor did anyone with access to the HW help to verify the PPA for Lukas we are kind of blocked. Just uploading something that might work seems to be the wrong approach. Could anyone affected please have a check with the PPA to unblock us? Adding Kevin in case he has some contact to help with that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
PPA (shipping /usr/share/ovmf/OVMF.amdsev.fd & /usr/share/qemu/firmware/60-edk2-x86_64-amdsev.json): https://launchpad.net/~slyon/+archive/ubuntu/lp-2106771-libvirt-amdsev- ovmf MPs: Questing: https://code.launchpad.net/~slyon/ubuntu/+source/edk2/+git/edk2/+merge/484880 Plucky: https://code.launchpad.net/~slyon/ubuntu/+source/edk2/+git/edk2/+merge/484967 What would be the best way to test this? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Merge proposal linked: https://code.launchpad.net/~slyon/ubuntu/+source/edk2/+git/edk2/+merge/484967 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Merge proposal linked: https://code.launchpad.net/~slyon/ubuntu/+source/edk2/+git/edk2/+merge/484880 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Changed in: edk2 (Ubuntu Questing) Assignee: (unassigned) => Lukas Märdian (slyon) ** Changed in: edk2 (Ubuntu Questing) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
Forwarded to Debian: https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1103961 ** Bug watch added: Debian Bug tracker #1103961 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103961 ** Also affects: edk2 (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103961 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Changed in: edk2 (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Also affects: edk2 (Ubuntu Plucky) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
FYI - all these special boot types seem to need one extra file, out of TDX work there is the similar [1]. We might want to ensure that eventually all of them flow in build and files in a similar way. Therefore when implementing this for snp, let us try to use the same pattern. [1]: https://git.launchpad.net/~kobuk- team/ubuntu/+source/edk2/commit/?id=cbc824d254e5b98073411b3f74a12dbbcbb20380 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
Subscribing also DannF to it as he looks after this in Debian. While Debian is in freeze and not expected to move soon, they and he in particular should know about it. We are also forwarding the bug to align where we can in resolving this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Also affects: edk2 (Ubuntu Questing) Importance: Wishlist Status: Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Changed in: edk2 (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
Hi Lukas, >> Can you confirm that this never worked on Ubuntu before (e.g. didn't work on 24.04 LTS)? Yes OVMF.fd ubuntu file did not work on Ubuntu 24.04, and, I could not find AMDSEV OVMF.fd file in the ubuntu OVMF package that supports QEMU AMD SNP VM Measured linux boot -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
Thank you very much for this report, Harika! Can you confirm that this never worked on Ubuntu before (e.g. didn't work on 24.04 LTS)? It sounds like this is a feature request and should be tracked at "Wishlist" priority. From your report, I can see that it doesn't seem to work on Ubuntu 25.04, due to the missing OVMF.amdsev.fd (or Build/AmdSev/DEBUG_GCC5/FV/OVMF.fd). But I cannot find such file on any other version of Ubuntu either. IIUC your comment #2 the edk2 source package in Ubuntu provides everything we need, but the build flags/config needs to be adopted in order to produce this file, e.g.: e) Modify Conf files to build AMDSEV OVMF.fd firmwar for SNP remote attestation and secret injection purposes. # Create GRUB file under AmdSev to build AmdSev firmware without error $ touch OvmfPkg/AmdSev/Grub/grub.efi # Modify Conf/target.txt to build AMDSEV Firmware # In the Conf/target.txt, # Set the build platform, target architecture, tool chain, and multi-threading options as follows: ACTIVE_PLATFORM = OvmfPkg/AmdSev/AmdSevX64.dsc TARGET_ARCH = X64 TOOL_CHAIN_TAG = GCC5 Ubuntu 25.04 is currently in Final Freeze and we cannot at this time enable any new features. but we can track it as a feature request for the next Ubuntu release. ** Changed in: edk2 (Ubuntu) Importance: Undecided => Wishlist ** Changed in: edk2 (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Tags removed: server-triage-discuss -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
** Tags added: server-triage-discuss -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106771] Re: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd
As a workaround fix, I used the built AMDSEV OVMF.fd from the OVMF source code extracted from the Ubuntu Plucky Package. I built the AMDSEV-SNP VM OVMF from the OVMF plucky ubuntu package using the following steps: Step 1: Get OVMF Source code from the Ubuntu Plucky Package apt-get source ovmf Step 2: Build AMD-SNP OVMF for SNP VM measure direct boot based on the below link: https://github.com/tianocore/tianocore.github.io/wiki/Common-instructions a) Pre-Install OVMF Dependencies to setup EDK2 Build Environment sudo apt install build-essential uuid-dev iasl git nasm python-is-python3 b) Compile build tools $ cd edk2-2025.02/ $ make -C BaseTools $ export EDK_TOOLS_PATH=$HOME/edk2-2025.02/BaseTools $ ./edksetup.sh When the above steps are done, we can work in the edk2 directory for code development. c) Build the EDK II BaseTools $ make -C edk2/BaseTools d) Setup build shell environment $ cd edk2-2025.02/ $ export EDK_TOOLS_PATH=$HOME/src/edk2/BaseTools # Below command populates edk2/Conf directory with the default configuration files $ . edksetup.sh BaseTools e) Modify Conf files to build AMDSEV OVMF.fd firmwar for SNP remote attestation and secret injection purposes. # Create GRUB file under AmdSev to build AmdSev firmware without error $ touch OvmfPkg/AmdSev/Grub/grub.efi # Modify Conf/target.txt to build AMDSEV Firmware # In the Conf/target.txt, # Set the build platform, target architecture, tool chain, and multi-threading options as follows: ACTIVE_PLATFORM = OvmfPkg/AmdSev/AmdSevX64.dsc TARGET_ARCH = X64 TOOL_CHAIN_TAG= GCC5 # Build AMDSEV OVMF Firmware build # After build, OVMF firmware for SNP VM measured boot is located at Build/AmdSev/DEBUG_GCC5/FV/OVMF.fd inside edk2 source directory ** Attachment added: "This screenshot shows the ubuntu OVMF fix for the successful SNP QEMU direct measure linux boot" https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+attachment/5870969/+files/plukcy-ovmf-fix-in-snp-qemu-cmdline.png -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106771 Title: Add support for QEMU AMD SNP VM Measured linux boot with the addition of new AMDSEV OVMF.fd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2106771/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
