- A host machine with the virtualization modules and packages installed and enabled.
- Suggested host/guest OS: Ubuntu 20.04 or newer, RHEL 8.5 or newer.
- A primary VM disk image that contains a client daemon.
- A secondary drive that is hotplugged to the primary VM and contains a secondary VM disk image.
- The host machine contains `secVmTemplate.xml` in `/var/lib/libvirt/`.
To run AMD-based confidential primary and secondary VMs, you need:
- An AMD machine that supports SEV, SEV-ES, and/or SEV-SNP.
- For host and guest configurations to enable SEV and run SEV VMs, please refer to https://github.com/AMDESE/AMDSEV/tree/master
- Compile the secVM-enabled Libvirt code: https://github.com/Secondary-VM/libvirt/tree/dev
- In your build environment, run the `virtlockd`, `virtlogd`, and `libvirtd` binaries.
- Spawn a primary VM: `./virsh create Secondary-VM/vm-example/primaryVM01.xml`
- Spawn a secondary VM by running `secondary_vm` commands in the primary VM. For example, if the primary VM requests to spawn/create an encrypted secondary VM with 2 vCPUs, 4 GB memory, and using the `secVM1.img` raw disk image, the command is: `sudo ./secondary_vm -c 2 -m 4 -d secVM1.img -t raw -e 1 create`.
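
The host prerequisites listed above can be checked before starting the daemons with a preflight script like the one below. It is an added example, not part of the Secondary-VM project; it assumes the `kvm_amd` module reports SEV state under `/sys/module/kvm_amd/parameters/`, and the `ROOT` prefix argument and `--host` switch are hypothetical names introduced here.

```shell
#!/usr/bin/env bash
# Preflight for the host prerequisites in this README (added example).
# Assumption: kvm_amd exposes sev, sev_es and sev_snp parameter files that
# read "1" or "Y" when the corresponding mode is enabled.

# sev_flag ROOT NAME -> prints "on", "off" or "absent"
sev_flag() {
    local f="$1/sys/module/kvm_amd/parameters/$2"
    if [ ! -r "$f" ]; then echo absent; return 0; fi
    case "$(tr -d '[:space:]' < "$f")" in
        1|Y|y) echo on ;;
        *)     echo off ;;
    esac
}

# secvm_preflight [ROOT] -> one line per check; returns the number of failures.
# ROOT (hypothetical) prefixes every path so the check can run against a
# fake tree; leave it empty to inspect the live host.
secvm_preflight() {
    local root="${1:-}" fails=0 any=0 name state
    for name in sev sev_es sev_snp; do
        state=$(sev_flag "$root" "$name")
        echo "$name: $state"
        if [ "$state" = on ]; then any=1; fi
    done
    if [ "$any" -eq 0 ]; then
        echo "FAIL: no SEV mode is enabled in kvm_amd"
        fails=$((fails + 1))
    fi
    if [ ! -s "$root/var/lib/libvirt/secVmTemplate.xml" ]; then
        echo "FAIL: secVmTemplate.xml is missing from /var/lib/libvirt/"
        fails=$((fails + 1))
    fi
    if [ ! -e "$root/dev/kvm" ]; then
        echo "FAIL: /dev/kvm not present (virtualization modules not loaded)"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Run against the live host only when asked to: ./preflight.sh --host
if [ "${1:-}" = "--host" ]; then
    secvm_preflight
    exit
fi
```

A non-zero exit status is the number of failed checks; an `absent` flag usually means the running kernel predates that SEV mode or `kvm_amd` is not loaded.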
What the vm-example folder contains:
- primaryVM01.xml: an XML configuration sample file to create a primary VM.
- secVmTemplate.xml: an XML configuration template file to create a secondary VM.
- secondary_vm.c: a client daemon that is deployed in the primary VM.
Apache License 2.0