This repository contains the changes that need to be applied on top of edk2 in order to run x86_64 guests on Nitro-based EC2 instances. We use Nix to create reproducible builds of the UEFI binaries, so that the same UEFI binaries used for instance launches can be reproduced in any environment. EC2 customers running instances with AMD SEV-SNP support can match their running UEFI firmware with the binaries released here and even reproduce the binaries themselves.
Amazon EC2 instances that have AMD SEV-SNP enabled use the UEFI binaries built in this repository as instance boot firmware. The GitHub workflow that runs on every new release uses Nix to build the binary. The binary can also be generated manually, after installing Nix, by running the command:
nix-build --pure
This will produce the result/ovmf_img.fd binary which can be matched against running and released UEFI binaries.
The sev-snp-measure tool can be used to generate measurements, e.g. for a guest with 4 vCPUs:
./sev-snp-measure.py --mode snp --vcpus=4 --vmm-type=ec2 --ovmf=ovmf_img.fd
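To match the computed measurement against a running instance, compare it with the MEASUREMENT field of the guest's SEV-SNP attestation report. The following is an added example, not code from this repository; it assumes the tool's output is the hex launch digest and that the report is the raw 1184-byte structure from the AMD SEV-SNP firmware ABI, and the file names are hypothetical.

```python
import hmac

# Offsets from the AMD SEV-SNP ATTESTATION_REPORT layout (SEV-SNP firmware ABI).
REPORT_SIZE = 0x4A0          # 1184 bytes, including the signature
MEASUREMENT_OFFSET = 0x90
MEASUREMENT_LEN = 48         # SHA-384 launch digest


def parse_expected(tool_output: str) -> bytes:
    """Parse the hex digest printed by sev-snp-measure into 48 raw bytes."""
    digest = bytes.fromhex(tool_output.strip())
    if len(digest) != MEASUREMENT_LEN:
        raise ValueError(f"expected {MEASUREMENT_LEN} bytes, got {len(digest)}")
    return digest


def report_measurement(report: bytes) -> bytes:
    """Return the MEASUREMENT field of a raw attestation report."""
    if len(report) != REPORT_SIZE:
        raise ValueError(f"report is {len(report)} bytes, expected {REPORT_SIZE}")
    return report[MEASUREMENT_OFFSET:MEASUREMENT_OFFSET + MEASUREMENT_LEN]


def firmware_matches(tool_output: str, report: bytes) -> bool:
    """True when the report's launch measurement equals the computed one."""
    return hmac.compare_digest(parse_expected(tool_output),
                               report_measurement(report))


def constructed_report(measurement: bytes) -> bytes:
    """Constructed sample: zero-filled report with only MEASUREMENT populated."""
    buf = bytearray(REPORT_SIZE)
    buf[MEASUREMENT_OFFSET:MEASUREMENT_OFFSET + MEASUREMENT_LEN] = measurement
    return bytes(buf)


if __name__ == "__main__":
    import sys
    # Usage (hypothetical file names): python3 check.py measurement.txt report.bin
    with open(sys.argv[1]) as f, open(sys.argv[2], "rb") as r:
        ok = firmware_matches(f.read(), r.read())
    print("MATCH" if ok else "MISMATCH")
    sys.exit(0 if ok else 1)
```

Compute the expected value with the same --vcpus as the running instance. This check only compares the measurement field; the report's signature must be verified separately against the AMD certificate chain before the result is trusted.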
See CONTRIBUTING for more information.
This project is licensed under the BSD-2-Clause-Patent License.