Post Syndicated from original https://lwn.net/Articles/841549/rss

James Bottomley has posted a
detailed description of what it takes to get an encrypted image running
securely with AMD’s SEV mechanism. “In this post I’ll discuss how
you actually bring up a confidential VM from an encrypted image while
preserving secrecy. However, first a warning: This post represents the
state of the art and includes patches that are certainly not deployed in
distributions and may not even be upstream, so if you want to follow along
at home you’ll need to patch things like qemu, grub and OVMF.”