On Tue, Feb 27, 2024 at 02:50:15PM +0000, Roy Hopkins wrote:
> IGVM support has been implemented for Confidential Guests that support
> AMD SEV and AMD SEV-ES. Add some documentation that gives some
> background on the IGVM format and how to use it to configure a
> confidential guest.
>
> Signed-off-by: Roy Hopkins <roy.hopk...@suse.com>
> ---
> docs/system/igvm.rst | 58 +++++++++++++++++++++++++++++++++++++++++++
> docs/system/index.rst | 1 +
> 2 files changed, 59 insertions(+)
> create mode 100644 docs/system/igvm.rst
> +Firmware Images with IGVM > +------------------------- > + > +When an IGVM filename is specified for a Confidential Guest Support object it > +overrides the default handling of system firmware: the firmware image, such > as > +an OVMF binary should be contained as a payload of the IGVM file and not > +provided as a flash drive. The default QEMU firmware is not automatically > mapped > +into guest memory.

IIUC, in future the IGVM file could contain both the OVMF and SVSM binaries?

I'm also wondering if there can be dependencies between the IGVM file and the broader QEMU configuration? E.g. if SVSM gains support for data persistence, potentially we might need some pflash device exposed as storage for SVSM to use. Would such a dependency be something expressed in the IGVM file, or would it be knowledge that is out of band?

Finally, if we think of the IGVM file as simply yet another firmware file format, then it raises the question of integration into the QEMU firmware descriptors.

Right now when defining a guest in libvirt you can say 'type=bios' or 'type=uefi', and libvirt consults the firmware descriptors to find the binary to use.

If the OS distro provides IGVM files instead of traditional raw OVMF binaries for SEV/TDX/etc, then from libvirt's POV I think having this expressed in the firmware descriptors is highly desirable.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
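Review bot: In the "Firmware Images with IGVM" paragraph, the text says the IGVM file overrides the default firmware handling and that the firmware should not be provided as a flash drive, but it does not say what QEMU does when a flash drive is supplied together with an IGVM file. For a confidential guest the reader needs to know whether that combination is rejected or silently ignored, so I suggest adding a sentence that states the behaviour. Minor: "such as an OVMF binary" is a parenthetical and needs a closing comma before "should be contained".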