coconut-svsm · joergroedel · Dec 17, 2024 · Dec 17, 2024 · Dec 17, 2024 · Dec 17, 2024
diff --git a/Documentation/docs/installation/INSTALL.md b/Documentation/docs/installation/INSTALL.md
@@ -270,9 +270,10 @@ guest:
 
 ```
   -cpu EPYC-v4 \
-  -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
-  -object memory-backend-memfd,id=ram1,size=8G,share=true,prealloc=false,reserve=false\
-  -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,igvm-file=/path/to/coconut-qemu.igvm \
+  -machine q35,confidential-guest-support=sev0,memory-backend=ram1,igvm-cfg=igvm0 \
+  -object memory-backend-memfd,id=ram1,size=8G,share=true,prealloc=false,reserve=false \
+  -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1 \
+  -object igvm-cfg,id=igvm0,file=/path/to/coconut-qemu.igvm
 ```
 
 This selects the ```EPYC-v4``` CPU type which will pass the CPUID validation
@@ -293,9 +294,10 @@ $ export IGVM=/path/to/coconut-qemu.igvm
 $ sudo $HOME/bin/qemu-svsm/bin/qemu-system-x86_64 \
   -enable-kvm \
   -cpu EPYC-v4 \
-  -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
+  -machine q35,confidential-guest-support=sev0,memory-backend=ram1,igvm-cfg=igvm0 \
   -object memory-backend-memfd,id=ram1,size=8G,share=true,prealloc=false,reserve=false \
-  -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,igvm-file=$IGVM \
+  -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1 \
+  -object igvm-cfg,id=igvm0,file=$IGVM \
   -smp 8 \
   -no-reboot \
   -netdev user,id=vmnic -device e1000,netdev=vmnic,romfile= \

diff --git a/kernel/src/cpu/vc.rs b/kernel/src/cpu/vc.rs
@@ -536,7 +536,8 @@ mod tests {
     }
 
     #[test]
-    #[cfg_attr(not(test_in_svsm), ignore = "Can only be run inside guest")]
+    //#[cfg_attr(not(test_in_svsm), ignore = "Can only be run inside guest")]
+    #[ignore = "DBG_CTL access no longer intercepted"]
     fn test_rdmsr_debug_ctl() {
         const MSR_DEBUG_CTL: u32 = 0x1d9;
         let apic_base = verify_ghcb_gets_altered(|| read_msr(MSR_DEBUG_CTL));

diff --git a/scripts/launch_guest.sh b/scripts/launch_guest.sh
@@ -67,12 +67,21 @@ QEMU_MINOR=${QEMU_MINOR%%.$QEMU_BUILD}
 
 # The QEMU machine and memory command line changed after QEMU 8.2.0 from
 # the coconut-svsm git repository.
-if (( (QEMU_MAJOR > 8) || ((QEMU_MAJOR == 8) && (QEMU_MINOR >= 2)) )); then
+if (( QEMU_MAJOR >= 9 )); then
+  MACHINE=q35,confidential-guest-support=sev0,memory-backend=mem0,igvm-cfg=igvm0
+  MEMORY=memory-backend-memfd,size=8G,id=mem0,share=true,prealloc=false,reserve=false
+  SNP_GUEST="sev-snp-guest,id=sev0,cbitpos=$C_BIT_POS,reduced-phys-bits=1"
+  IGVM_OBJ="-object igvm-cfg,id=igvm0,file=$IGVM"
+elif (( (QEMU_MAJOR > 8) || ((QEMU_MAJOR == 8) && (QEMU_MINOR >= 2)) )); then
   MACHINE=q35,confidential-guest-support=sev0,memory-backend=mem0
   MEMORY=memory-backend-memfd,size=8G,id=mem0,share=true,prealloc=false,reserve=false
+  SNP_GUEST="sev-snp-guest,id=sev0,cbitpos=$C_BIT_POS,reduced-phys-bits=1,init-flags=5,igvm-file=$IGVM"
+  IGVM_OBJ=""
 else
   MACHINE=q35,confidential-guest-support=sev0,memory-backend=mem0,kvm-type=protected
   MEMORY=memory-backend-memfd-private,size=8G,id=mem0,share=true
+  SNP_GUEST="sev-snp-guest,id=sev0,cbitpos=$C_BIT_POS,reduced-phys-bits=1,init-flags=5,igvm-file=$IGVM"
+  IGVM_OBJ=""
 fi
 
 # Setup a disk if an image has been specified
@@ -112,7 +121,8 @@ $SUDO_CMD \
     -cpu EPYC-v4 \
     -machine $MACHINE \
     -object $MEMORY \
-    -object sev-snp-guest,id=sev0,cbitpos=$C_BIT_POS,reduced-phys-bits=1,init-flags=5,igvm-file=$IGVM \
+    $IGVM_OBJ \
+    -object $SNP_GUEST \
     -smp 4 \
     -no-reboot \
     -netdev user,id=vmnic -device e1000,netdev=vmnic,romfile= \