Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20200430' int…
…o staging - update Linux headers to 5.7-rc3 (and virtio-net fixup) - support for protected virtualization aka secure execution # gpg: Signature made Thu 30 Apr 2020 10:41:31 BST # gpg: using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF # gpg: issuer "cohuck@redhat.com" # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [marginal] # gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full] # gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full] # gpg: aka "Cornelia Huck <cohuck@kernel.org>" [marginal] # gpg: aka "Cornelia Huck <cohuck@redhat.com>" [marginal] # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF * remotes/cohuck/tags/s390x-20200430: s390x/s390-virtio-ccw: Fix build on systems without KVM s390x/pv: Retry ioctls on -EINTR s390x: protvirt: Fix stray error_report_err in s390_machine_protect s390x: Add unpack facility feature to GA1 docs: system: Add protvirt docs s390x: protvirt: Handle SIGP store status correctly s390x: protvirt: Move IO control structures over SIDA s390x: protvirt: Disable address checks for PV guest IO emulation s390x: protvirt: Move diag 308 data over SIDA s390x: protvirt: Set guest IPL PSW s390x: protvirt: SCLP interpretation s390x: protvirt: Move STSI data over SIDAD s390x: Add SIDA memory ops s390x: protvirt: KVM intercept changes s390x: protvirt: Inhibit balloon when switching to protected mode s390x: protvirt: Add migration blocker s390x: protvirt: Support unpack facility s390x: Move diagnose 308 subcodes and rcs into ipl.h linux-headers: update against Linux 5.7-rc3 virtio-net: fix rsc_ext compat handling Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
- Loading branch information
Showing
41 changed files
with
1,116 additions
and
98 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
Protected Virtualization on s390x | ||
================================= | ||
|
||
The memory and most of the registers of Protected Virtual Machines | ||
(PVMs) are encrypted or inaccessible to the hypervisor, effectively | ||
prohibiting VM introspection when the VM is running. At rest, PVMs are | ||
encrypted and can only be decrypted by the firmware, represented by an | ||
entity called Ultravisor, of specific IBM Z machines. | ||
|
||
|
||
Prerequisites | ||
------------- | ||
|
||
To run PVMs, a machine with the Protected Virtualization feature, as | ||
indicated by the Ultravisor Call facility (stfle bit 158), is | ||
required. The Ultravisor needs to be initialized at boot by setting | ||
`prot_virt=1` on the host's kernel command line. | ||
|
||
Running PVMs requires using the KVM hypervisor. | ||
|
||
If those requirements are met, the capability `KVM_CAP_S390_PROTECTED` | ||
will indicate that KVM can support PVMs on that LPAR. | ||
|
||
|
||
QEMU Settings | ||
------------- | ||
|
||
To indicate to the VM that it can transition into protected mode, the | ||
`Unpack facility` (stfle bit 161 represented by the feature | ||
`unpack`/`S390_FEAT_UNPACK`) needs to be part of the cpu model of | ||
the VM. | ||
|
||
All I/O devices need to use the IOMMU. | ||
Passthrough (vfio) devices are currently not supported. | ||
|
||
Host huge page backings are not supported. However guests can use huge | ||
pages as indicated by its facilities. | ||
|
||
|
||
Boot Process | ||
------------ | ||
|
||
A secure guest image can either be loaded from disk or supplied on the | ||
QEMU command line. Booting from disk is done by the unmodified | ||
s390-ccw BIOS. I.e., the bootmap is interpreted, multiple components | ||
are read into memory and control is transferred to one of the | ||
components (zipl stage3). Stage3 does some fixups and then transfers | ||
control to some program residing in guest memory, which is normally | ||
the OS kernel. The secure image has another component prepended | ||
(stage3a) that uses the new diag308 subcodes 8 and 10 to trigger the | ||
transition into secure mode. | ||
|
||
Booting from the image supplied on the QEMU command line requires that | ||
the file passed via -kernel has the same memory layout as would result | ||
from the disk boot. This memory layout includes the encrypted | ||
components (kernel, initrd, cmdline), the stage3a loader and | ||
metadata. In case this boot method is used, the command line | ||
options -initrd and -cmdline are ineffective. The preparation of a PVM | ||
image is done via the `genprotimg` tool from the s390-tools | ||
collection. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.