kernel: Introduce SNP kernel

This introduces the SNP kernel as a confidential computing guest.

Signed-off-by: Joana Pecholt <joana.pecholt@aisec.fraunhofer.de>

tools/packaging/kernel/build-kernel.sh

@@ -101,7 +101,7 @@ Options:
 	-t <hypervisor>	: Hypervisor_target.
 	-u <url>	: Kernel URL to be used to download the kernel tarball.
 	-v <version>	: Kernel version to use if kernel path not provided.
-	-x <type>	: Confidential guest protection type, such as sev and tdx
+	-x <type>	: Confidential guest protection type, such as sev, snp and tdx
 EOF
 	exit "$exit_code"
 }
@@ -525,7 +525,7 @@ main() {
 			x)
 				conf_guest="${OPTARG}"
 				case "$conf_guest" in
-					sev|tdx) ;;
+					sev|snp|tdx) ;;
 					*) die "Confidential guest type '$conf_guest' not supported" ;;
 				esac
 				;;

tools/packaging/kernel/configs/fragments/x86_64/snp/snp.conf

@@ -0,0 +1,10 @@
+# !s390x !ppc64le !arm64
+# enable sev-snp support
+CONFIG_AMD_MEM_ENCRYPT=y
+CONFIG_SEV_GUEST=y
+CONFIG_VIRT_DRIVERS=y
+
+# Prepare kernel for direct boot using OVMF
+CONFIG_EFI=y
+CONFIG_EFI_STUB=y
+

versions.yaml

@@ -102,6 +102,11 @@ assets:
         description: "VMM that uses KVM and supports TDX"
         url: "https://github.com/intel/qemu-dcp"
         tag: "SPR-BKC-QEMU-v2.5"
+      snp:
+        description: "VMM that uses KVM and supports AMD SEV-SNP"
+        url: "https://github.com/AMDESE/qemu"
+        branch: "snp-v3"
+        commit: "ffa95097ee"
 
     qemu-experimental:
       description: "QEMU with virtiofs support"
@@ -162,6 +167,10 @@ assets:
       description: "Linux kernel that supports SEV"
       url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
       version: "v5.19.2"
+    snp:
+      description: "Linux kernel that supports AMD SEV-SNP for VMs"
+      url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
+      version: "v5.19.2"
 
   kernel-experimental:
     description: "Linux kernel with virtio-fs support"