This is the source code repository for the COCONUT Secure VM Service Module (SVSM), a software which aims to provide secure services and device emulations to guest operating systems in confidential virtual machines (CVMs). It requires AMD Secure Encrypted Virtualization with Secure Nested Paging (AMD SEV-SNP), especially the VM Privilege Level (VMPL) feature.
The COCONUT-SVSM is distributed under the MIT license, which is included in the LICENSE-MIT file.
The project builds on support code written for the linux-svsm, a software written and published by AMD. This includes the necessary hypervisor changes for KVM host, guest, and for the EDK2 firmware.
Detailed installation instructions are in the INSTALL.md file. It walks through the process of building all the necessary parts to get a virtual machine powered by the COCONUT-SVSM up and running.
Information about COCONUT-SVSM can be found on at the COCONUT-SVSM documentation site.
Development discussions happen on the project mailing list (svsm-devel@coconut-svsm.dev). Regular development calls are scheduled via the mailing list.
Any issues, bugs (except embargoed security issues) or feature requests for the SVSM project can be reported via https://github.com/coconut-svsm/svsm/issues.
For security critical bugs please send an email describing the problem and the planned CRD (if known) to security@coconut-svsm.dev.
Contributing to the project is as easy as sending a pull-request via GitHub. For detailed instructions on patch formatting and contribution guidelines please have a look at CONTRIBUTING.md. For documentation guidelines consult RUSTDOC-GUIDELINES.md and DOC-GUIDELINES.md.
The development plan document lists planned and in-progress work items.
Coconut-SVSM components are documented using rustdoc, a tool that produces a user-friendly, browsable website explaining the code's contents. To generate and open the documentation, simply execute the following command:
$ make doc
The COCONUT-SVSM project would not have been possible without the close relationship to AMD. AMD provided the Linux kernel and OVMF modifications to complete the SVSM host and guest stack. Many thanks for the work and our continuous cooperation!
![@github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=64&v=4){kind=small}
