"Cloud Native Confidential Computing Best Practices White Paper" - 06 Runtime Foundation - AMD SEV Confidential VM (1) https://developer.aliyun.com/article/1230950?groupCode=aliyun_linux
Step 3: Preparation for launching the virtual machine
1. yum update && yum upgrade
2. yum install libvirt-daemon virt-manager libvirt-client qemu-kvm epel-release cloud-utils virt-install
3. virsh domcapabilities
Make sure the output contains "sev supported='yes'".
The output looks similar to the following:
    <sev supported='yes'>
      <cbitpos>51</cbitpos>
      <reducedPhysBits>1</reducedPhysBits>
      <maxGuests>253</maxGuests>
      <maxESGuests>0</maxESGuests>
    </sev>
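The check in item 3 can be scripted. The following is an added example, not part of the white paper: the function names and the embedded sample are constructed here, and the sample reuses the values printed above. It confirms `supported='yes'`, extracts `cbitpos` and `reducedPhysBits`, and reports separately whether SEV-ES guests can be launched (`maxESGuests` above 0).

```sh
#!/bin/sh
# Constructed sample, reusing the <sev> values printed in the guide.
SAMPLE_CAPS="<domainCapabilities><features>
  <sev supported='yes'>
    <cbitpos>51</cbitpos>
    <reducedPhysBits>1</reducedPhysBits>
    <maxGuests>253</maxGuests>
    <maxESGuests>0</maxESGuests>
  </sev>
</features></domainCapabilities>"

# sev_field NAME: XML on stdin, prints the text of <NAME> found inside <sev>.
sev_field() {
    sed -n "/<sev[ >]/,/<\/sev>/ s:.*<$1>\([^<]*\)</$1>.*:\1:p" | head -n 1
}

# sev_es_available: XML on stdin, succeeds only if maxESGuests is above 0.
sev_es_available() {
    sev_es_n=$(sev_field maxESGuests)
    case "$sev_es_n" in ''|*[!0-9]*) return 1 ;; esac
    [ "$sev_es_n" -gt 0 ]
}

# sev_check: XML on stdin, returns 0 if libvirt reports usable SEV support.
sev_check() {
    sev_xml=$(cat)
    if ! printf '%s\n' "$sev_xml" | grep -Eq "<sev supported=['\"]yes['\"]"; then
        echo "SEV: not reported as supported"; return 1
    fi
    sev_cbit=$(printf '%s\n' "$sev_xml" | sev_field cbitpos)
    sev_rpb=$(printf '%s\n' "$sev_xml" | sev_field reducedPhysBits)
    sev_max=$(printf '%s\n' "$sev_xml" | sev_field maxGuests)
    for sev_v in "$sev_cbit" "$sev_rpb"; do
        case "$sev_v" in ''|*[!0-9]*)
            echo "SEV: cbitpos or reducedPhysBits missing or malformed"; return 1 ;;
        esac
    done
    # maxGuests may be absent on older libvirt; only an explicit 0 is a failure.
    [ "${sev_max:-unknown}" != 0 ] || { echo "SEV: maxGuests is 0"; return 1; }
    echo "SEV: supported cbitpos=$sev_cbit reducedPhysBits=$sev_rpb maxGuests=${sev_max:-unknown}"
    if printf '%s\n' "$sev_xml" | sev_es_available; then
        echo "SEV-ES: available"
    else
        echo "SEV-ES: no guest slots (maxESGuests is 0 or absent)"
    fi
}
# Demo on the constructed sample; on a host: virsh domcapabilities | sev_check
printf '%s\n' "$SAMPLE_CAPS" | sev_check
```

With the sample above, SEV is reported as supported while SEV-ES is not, because `maxESGuests` is 0.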
VM network environment configuration
1. Create the default network configuration file default.xml
    <network>
      <name>default</name>
      <forward mode='nat'/>
      <bridge name='virbr0' stp='on' delay='0'/>
      <mac address='52:54:00:0a:cd:21'/>
      <ip address='192.168.122.1' netmask='255.255.255.0'>
        <dhcp>
          <range start='192.168.122.2' end='192.168.122.254'/>
        </dhcp>
      </ip>
    </network>
1. virsh net-define --file default.xml
2. virsh net-start default
3. virsh net-autostart --network default
Step 4: VM image configuration
Use Ubuntu as the VM
1. wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img
2. qemu-img convert focal-server-cloudimg-amd64.img /var/lib/libvirt/images/sev-guest.img
3. Create the configuration file cloud-config, which sets the users and passwords for the VM image
    #cloud-config
    ssh_pwauth: True
    password: 123456
    chpasswd:
      list: |
        root:123456
        ubuntu:123456
      expire: False
4. cloud-localds /var/lib/libvirt/images/init-passwd.iso cloud-config