kernel: Introduce SNP kernel

This introduces the SNP kernel as a confidential computing guest.

Signed-off-by: Joana Pecholt <joana.pecholt@aisec.fraunhofer.de>

tools/packaging/kernel/build-kernel.sh

@@ -101,7 +101,7 @@ Options:
 	-t <hypervisor>	: Hypervisor_target.
 	-u <url>	: Kernel URL to be used to download the kernel tarball.
 	-v <version>	: Kernel version to use if kernel path not provided.
-	-x <type>	: Confidential guest protection type, such as sev and tdx
+	-x <type>	: Confidential guest protection type, such as sev, snp and tdx
 EOF
 	exit "$exit_code"
 }
@@ -525,7 +525,7 @@ main() {
 			x)
 				conf_guest="${OPTARG}"
 				case "$conf_guest" in
-					sev|tdx) ;;
+					sev|snp|tdx) ;;
 					*) die "Confidential guest type '$conf_guest' not supported" ;;
 				esac
 				;;

tools/packaging/kernel/configs/fragments/x86_64/snp/snp.conf

@@ -0,0 +1,10 @@
+# !s390x !ppc64le !arm64
+# enable sev-snp support
+CONFIG_AMD_MEM_ENCRYPT=y
+CONFIG_SEV_GUEST=y
+CONFIG_VIRT_DRIVERS=y
+
+# Prepare kernel for direct boot using OVMF
+CONFIG_EFI=y
+CONFIG_EFI_STUB=y
+