Use stage0 + SEV without fw_cfg

[Lencerf]

Hello stage0 developers!

I would like to try stage0 with other VMMs (crosvm, cloud-hyeprvisor, etc). I saw the following notes in stage0's readme on loading a kernel

The loader device does not ask the PSP to encrypt the memory under SEV, so this will only work with no memory encryption enabled.

I want to know whether this is fixable from the VMM side. For example, in the QEMU, if we do add some code in the QEMU loader device to "ask the PSP to encrypt the memory", can option 1 (pre-loading the kernel) work under SEV? I am asking this because fw_cfg device may mot be available in other VMMs.

I am completely new to SEV, please correct me if I am wrong. Suggestions are very much appreciated!

[conradgrobler]

Yes, preloading the kernel will work if QEMU is updated to ask the AMD SP to encrypt the extra modified memory before booting the VM.

Regarding the use of stage0 with Cloud Hypervisor or crosvm in general: I think there is a bit of work needed in Stage0 to support that. Stage0 also uses the fw_cfg device to fetch other information such as the ACPI tables and the physical memory layout from the VMM. I believe that the other VMMs write this directly to the guest memory, so stage0 will have to know how to find this info, or at the very least not crash if it can't find this info by using the fw_cfg device.

Regarding using stage0 with Cloud Hypervisor or crosvm on SEV: AFAIK neither of these VMMs have been enlightened to support running on SEV, so it would require a significant amount of work on the VMMs to add this support.