Hi CloudHypervisor team,

I'd like to create an issue to track the work of supporting SNP guests on KVM.

The idea was discussed with @likebreath weeks ago; overall we'd like to contribute to CloudHypervisor so that it can boot Oak Stage0, Oak Restricted Kernel, and Oak Containers in SEV-SNP guests on KVM.

The work will be based on Linux kernel 6.11, which contains the SNP specific KVM APIs upstreamed by AMD. Some high-level tasks are:

• sev_snp feature - decouple fromigvm and mshv; @jinankjain
• hypervisor/kvm changes - implement sev_snp_init, import_isolated_pages, and complete_isolated_import with KVM_SEV_SNP_* ioctls; handle GHCB and I/O etc;
• vmm changes: load firmware, set up CPUID & SECRETS pages, initialize AP registers.
• Replacement offw_cfg which is not available in CHV but needed for OVMF/Oak Stage0 to receive kernel and initrd information.

Please let me know what you think.