7.3. Configuring a RHEL VM on Azure with AMD SEV SNP
AMD Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) is a security type of the Confidential Virtual Machine (CVM) technology for Red Hat Enterprise Linux (RHEL) on Azure Virtual Machines (VMs), and it is available only for the AMD EPYC processor family. SEV-SNP provides a trusted boot environment and protects the guest's memory and state so that neither the hypervisor nor the cloud service provider can access the data in the VM.
Prerequisites
- You have installed the openssh and openssh-clients packages.
- You have installed the Azure CLI utility. For details, see Installing the Azure CLI.
- You launch the instance only from the supported Azure instance types. For details, see Supported VM sizes for CVM.
Procedure
1. Log in to Azure by using the Azure CLI utility:
   $ az login
2. Create an Azure resource group for the selected location:
   $ az group create --name <example_resource_group> --location eastus
3. Deploy a RHEL instance with SEV-SNP, for example, the Standard_DC4as_V5 instance type:
   $ az vm create --resource-group <example_resource_group> \
       --name <example-rhel-10-sev-snp-instance> \
       --image <RedHat:rhel:10_x64_Gen2:latest> \
       --size <Standard_DC4as_V5> \
       --admin-username <example_azure_user> \
       --generate-ssh-keys \
       --security-type ConfidentialVM \
       --os-disk-security-encryption-type DiskWithVMGuestState
4. Connect to the RHEL instance:
   $ ssh <example_azure_user>@<example_ip_address_of_VM>
Verification
Check kernel logs to verify status of SEV-SNP:
$ sudo dmesg | grep -i sev
...
[    0.547223] Memory Encryption Features active: AMD SEV
[    4.843171] kvm-guest: setup_efi_kvm_sev_migration : EFI live migration variable not found
...
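The following shell script is an added example; it is not part of the Red Hat documentation or of the Azure CLI. It parses the kernel log line that the verification step greps for and reports which AMD memory-encryption features the guest kernel enabled, matching whole feature tokens instead of the substring `sev`. The log lines in it are constructed samples, and the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the Red Hat documentation): check the kernel log
# for the AMD memory-encryption features the guest kernel enabled.
# Function and variable names are this example's own; the log lines below
# are constructed samples.

# Print the feature list that the kernel logs after
# "Memory Encryption Features active:". Returns 1 and prints nothing when
# no such line exists, meaning the guest runs without SEV memory encryption.
sev_features() {
    _feat=$(printf '%s\n' "$1" | sed -n 's/.*Memory Encryption Features active: *//p' | head -n 1)
    [ -n "$_feat" ] || return 1
    printf '%s\n' "$_feat"
}

# Return 0 only if the feature list contains the exact token in $2, for
# example SEV-SNP. Tokens are matched whole, so "SEV" does not match "SEV-SNP".
sev_has_feature() {
    _list=$(sev_features "$1") || return 1
    case " $_list " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Summarize the live guest: returns 2 if dmesg is unreadable (it needs root
# on RHEL), 1 if the kernel reports no SEV feature, 0 otherwise. In SEV-SNP
# guests the sev-guest driver also creates /dev/sev-guest, the interface
# through which attestation reports are requested.
check_live_guest() {
    _log=$(dmesg 2>/dev/null) || { echo "cannot read dmesg; run as root" >&2; return 2; }
    if sev_has_feature "$_log" SEV-SNP; then
        echo "SEV-SNP active: $(sev_features "$_log")"
    elif _list=$(sev_features "$_log"); then
        echo "SEV active but the kernel did not report SEV-SNP: $_list"
    else
        echo "no AMD memory encryption reported by the kernel"
        return 1
    fi
    if [ -c /dev/sev-guest ]; then
        echo "/dev/sev-guest present (sev-guest driver loaded)"
    else
        echo "/dev/sev-guest missing (sev-guest driver not loaded)"
    fi
    return 0
}

# Constructed sample of a SEV-SNP guest's log: kernels with SNP guest support
# append SEV-ES and SEV-SNP after "AMD SEV" when those features are active.
SAMPLE_SNP='[    0.547223] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP
[    4.843171] kvm-guest: setup_efi_kvm_sev_migration : EFI live migration variable not found'

# Constructed sample matching the documentation's own output: SEV only.
SAMPLE_SEV_ONLY='[    0.547223] Memory Encryption Features active: AMD SEV'

# Constructed sample from a regular, non-confidential VM.
SAMPLE_PLAIN='[    0.000000] Linux version 6.12.0 (constructed sample)
[    0.900000] kvm-guest: PV spinlocks enabled'

# Inspect the real guest only when invoked as: sh sev_check.sh live
if [ "${1:-}" = "live" ]; then
    check_live_guest
fi
```

Run it as `sh sev_check.sh live` on the instance (as root) to inspect the real log; without the argument it only defines the functions and samples. The documentation's sample output shows only `AMD SEV`; a kernel with SNP guest support lists `SEV-ES` and `SEV-SNP` on the same line when the VM was created as a confidential VM, so matching the whole `SEV-SNP` token is the check that separates an SEV-SNP guest from one that reports plain SEV.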