CVM config
CVM Configuration
先按照官方指南完成基础环境: https://github.com/AMDESE/AMDSEV/tree/snp-latest
GPU Passthrough
确认宿主机上的设备 ID:
41:00.0 VGA compatible controller [0300]: NVIDIA Corporation Device [10de:2bb1] (rev a1)
41:00.1 Audio device [0403]: NVIDIA Corporation Device [10de:22e8] (rev a1)
准备 VFIO 所需的模块和黑名单:
sudo cat /etc/modprobe.d/vfio.conf
options vfio-pci ids=10de:2bb1,10de:22e8
blacklist nouveau
blacklist nvidia
blacklist snd_hda_intel
sudo cat /etc/initramfs-tools/modules
vfio
vfio_pci
vfio_iommu_type1
vfio_virqfd
在 QEMU 启动脚本中(紧跟 -nographic/-vga 参数之后)加入以下直通配置:
# ---- GPU passthrough (VFIO) ----
# 直通 41:00.0(VGA)与 41:00.1(音频),二者同槽位,首个需 multifunction=on
add_opts "-device vfio-pci,host=41:00.0,multifunction=on"
add_opts "-device vfio-pci,host=41:00.1"
# --------------------------------
在 Guest 内为 SWIOTLB 预留充足空间:
sudo sed -i 's/^GRUB_CMDLINE_LINUX="/GRUB_CMDLINE_LINUX="swiotlb=524288 /' /etc/default/grub
sudo update-grub
CVM Networking
先尝试使用脚本内置的 slirp 网络:
sudo ./launch-qemu.sh -hda ../ubuntu24-snp.qcow2 -sev-snp -default-network
若出现 network backend 'user' is not compiled into this binary,需要为 QEMU 增加 slirp 支持并重新编译:
sudo apt-get update
sudo apt-get install -y libslirp-dev ninja-build meson pkg-config libglib2.0-dev libslirp0
cd ~/AMDSEV
mkdir -p qemu-build
cd qemu-build
../qemu/configure --prefix=$PWD/../usr/local \
--target-list=x86_64-softmmu \
--enable-slirp
make -j"$(nproc)"
make install
../usr/local/bin/qemu-system-x86_64 -netdev help | grep user
如 DHCP 仍未生效,可在 Guest 内手动配置:
sudo nano /etc/netplan/01-netcfg.yaml
写入:
network:
version: 2
renderer: networkd
ethernets:
enp0s2:
dhcp4: true
sudo netplan apply
或先直接写入临时地址以验证连通性:
sudo ip link set enp0s2 up
sudo ip addr add 10.0.2.15/24 dev enp0s2
sudo ip route add default via 10.0.2.2
echo "nameserver 10.0.2.3" | sudo tee /etc/resolv.conf
最后快速测试连通性:
ping -c 3 archive.ubuntu.com
NVIDIA Driver & CC Mode
安装驱动(安装时选择 MIT + no DKMS):
sudo bash NVIDIA-Linux-x86_64-580.95.05.run --no-cc-version-check --disable-nouveau
启用 CC-on 并重新绑定设备:
GPU=0000:41:00.0
AUDIO=0000:41:00.1
echo $GPU | sudo tee /sys/bus/pci/devices/$GPU/driver/unbind
echo $AUDIO | sudo tee /sys/bus/pci/devices/$AUDIO/driver/unbind
sudo modprobe nvidia
echo $GPU | sudo tee /sys/bus/pci/drivers/nvidia/bind
echo $AUDIO | sudo tee /sys/bus/pci/drivers/nvidia/bind
sudo python3 nvidia_gpu_tools.py --devices 0000:41:00.0 --set-cc-mode=on --reset-after-cc-mode-switch
# PPCIe 可能不支持,但失败也没关系
sudo python3 nvidia_gpu_tools.py --devices 0000:41:00.0 --set-ppcie-mode=on --reset-after-ppcie-mode-switch
切换回 VFIO 并确认状态:
echo vfio-pci | sudo tee /sys/bus/pci/devices/$GPU/driver_override
echo vfio-pci | sudo tee /sys/bus/pci/devices/$AUDIO/driver_override
[ -e /sys/bus/pci/devices/$GPU/driver ] && echo $GPU | sudo tee /sys/bus/pci/devices/$GPU/driver/unbind
[ -e /sys/bus/pci/devices/$AUDIO/driver ] && echo $AUDIO | sudo tee /sys/bus/pci/devices/$AUDIO/driver/unbind
echo $GPU | sudo tee /sys/bus/pci/drivers/vfio-pci/bind
echo $AUDIO | sudo tee /sys/bus/pci/drivers/vfio-pci/bind
# 验证
lspci -nnk | grep -A3 41:00
CUDA Toolkit
安装 nvcc 及工具链:
sudo apt install -y nvidia-utils-580 nvidia-cuda-toolkit
如果报错 LTR is disabled,在 QEMU 命令行里补充:
add_opts "-global pcie-root-port.x-ltr=true"