SEV-SNP launch fails ubuntu24.04, 7443P

[crinard]

I have built snp-latest, installed the kernel, and successfully launched SEV and SEV-ES enabled VMs. However, when I try to launch a SEV-SNP enabled VM, I get the following error:
CpuDxe: 5-Level Paging = 0 MpInitChangeApLoopCallback() done! SetUefiImageMemoryAttributes - 0x000000007E4E4000 - 0x0000000000009000 (0x0000000000000008) SetUefiImageMemoryAttributes - 0x000000007E4DD000 - 0x0000000000007000 (0x0000000000000008) SetUefiImageMemoryAttributes - 0x000000007E4D7000 - 0x0000000000006000 (0x0000000000000008) SetUefiImageMemoryAttributes - 0x000000007E4D0000 - 0x0000000000007000 (0x0000000000000008) SetUefiImageMemoryAttributes - 0x000000007E4BF000 - 0x0000000000011000 (0x0000000000000008) SetUefiImageMemoryAttributes - 0x000000007E4BA000 - 0x0000000000005000 (0x0000000000000008) SetUefiImageMemoryAttributes - 0x000000007E4B3000 - 0x0000000000007000 (0x0000000000000008) SetUefiImageMemoryAttributes - 0x000000007E4AF000 - 0x0000000000004000 (0x0000000000000008) SetUefiImageMemoryAttributes - 0x000000007E4AA000 - 0x0000000000005000 (0x0000000000000008) error: kvm run failed Invalid argument EAX=00000000 EBX=00000000 ECX=00000000 EDX=00800f12 ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000 EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 00000000 0000ffff 00009300 CS =f000 ffff0000 0000ffff 00009b00 SS =0000 00000000 0000ffff 00009300 DS =0000 00000000 0000ffff 00009300 FS =0000 00000000 0000ffff 00009300 GS =0000 00000000 0000ffff 00009300 LDT=0000 00000000 0000ffff 00008200 TR =0000 00000000 0000ffff 00008b00 GDT= 00000000 0000ffff IDT= 00000000 0000ffff CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000000 Code=c5 5a 08 2d 00 00 00 00 00 00 00 00 00 00 00 00 56 54 46 00 <0f> 20 c0 a8 01 74 05 e9 2c ff ff ff e9 11 ff 90 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??

I have tried running with the --bios option as well. I have checked firmware versioning, which is correct, and SEV-SNP is enabled.

[tlendacky]

Those messages and the error are from early in the guest kernel. What is the level of the guest kernel? Is it from snp-latest?

What is the qemu command that you are running? Do all your parameters match those that are specified in the AMDSEV launch-qemu.sh script?

[crinard]

I run the following commands from this directory: Desktop/AMDSEV-standalone/snp-release-2025-01-23/:
sudo usr/local/bin/qemu-img create -f qcow2 ubuntu_uefi.qcow2 50G
sudo ./launch-qemu.sh -hda ubuntu_uefi.qcow2 -cdrom ubuntu-22.04.5-live-server-amd64.iso
Configure with the shell in console=ttys...
run sudo reboot inside the newly configured VM
sudo ./launch-qemu.sh -hda ubuntu_uefi.qcow2 -bios usr/local/share/qemu/ -sev-snp
Which then gives the documented error.
Yes, as I am using the launch-qemu script.

[tlendacky]

Are you installing the SEV-SNP supported guest kernel in the guest image? The base Ubuntu 22.04 kernel doesn't support SNP.

[crinard]

This was the problem. To solve, I copied all of the .deb in the guest directory from the host to the guest, then installed, rebooted, relaunched with SEV-SNP enabled (mostly emulated these instructions: https://docs.nvidia.com/cc-deployment-guide-snp.pdf , page 19-20).

Thank you for the help!

Out of curiosity, my next step is that I need to enable PCIE passthrough to run a GPU code from inside the VM. Is there an easy way to do this with SNP-latest, or is the only known way to do this with the custom sev-snp-devel branch + NVIDIA custom patching?

[tlendacky]

I'm not completely sure on that. The Qemu snp-latest branch does have commits that revert preventing VFIO, so device passthrough should work with that branch. I haven't tried an NVIDIA device, so I'm not sure what else would be needed. Give it a shot and see how it works out. Post back here if you run into any problems.