[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v4 16/16] docs: Add protvirt docs
|
From: |
Janosch Frank |
|
Subject: |
[PATCH v4 16/16] docs: Add protvirt docs |
|
Date: |
Thu, 20 Feb 2020 07:56:38 -0500 |
Lets add some documentation for the Protected VM functionality.
Signed-off-by: Janosch Frank <address@hidden>
---
docs/protvirt.rst | 53 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 docs/protvirt.rst
diff --git a/docs/protvirt.rst b/docs/protvirt.rst
new file mode 100644
index 0000000000..8bfa72be01
--- /dev/null
+++ b/docs/protvirt.rst
@@ -0,1 +1,53 @@
+Protected Virtualization on s390x
+========================
+The memory and most of the register contents of Protected Virtual
+Machines (PVMs) are inaccessible to the hypervisor, effectively
+prohibiting VM introspection when the VM is running. At rest, PVMs are
+encrypted and can only be decrypted by the firmware of specific IBM Z
+machines.
+
+
+Prerequisites
+-------------
+To run PVMs, you need to have a machine with the Protected
+Virtualization feature, which is indicated by the Ultravisor Call
+facility (stfle bit 158). This is a KVM only feature, therefore you
+need a KVM which is able to support PVMs and activate the Ultravisor
+initialization by setting "prot_virt=1" on the kernel command line.
+
+If those requirements are met, the capability "KVM_CAP_S390_PROTECTED"
+will indicate that KVM can support PVMs on that LPAR.
+
+
+QEMU Settings
+-------------
+To indicate to the VM that it can move into protected mode, the
+"Unpack facility" (stfle bit 161) needs to be part of the cpu model of
+the VM.
+
+All I/O devices need to use the IOMMU.
+Passthrough devices are currently not supported.
+
+Host huge page backings are not supported. The guest however can use
+huge pages as indicated by its facilities.
+
+
+Boot Process
+-----------------
+A secure guest image can be booted from disk and using the QEMU
+command line. Booting from disk is done by the unmodified s390-ccw
+BIOS. I.e., the bootmap is interpreted and a number of components is
+read into memory and control is transferred to one of the components
+(zipl stage3), which does some fixups and then transfers control to
+some program residing in guest memory, which is normally the OS
+kernel. The secure image has another component prepended (stage3a)
+which uses the new diag308 subcodes 8 and 10 to trigger the transition
+into secure mode.
+
+Booting from the command line requires that the file passed
+via -kernel has the same memory layout as would result from the disk
+boot. This memory layout includes the encrypted components (kernel,
+initrd, cmdline), the stage3a loader and metadata. In case this boot
+method is used, the command line options -initrd and -cmdline are
+ineffective. The preparation of secure guest image is done by a
+program (name tbd) of the s390-tools package.
--
2.20.1
- [PATCH v4 07/16] s390x: Add SIDA memory ops, (continued)
- [PATCH v4 07/16] s390x: Add SIDA memory ops, Janosch Frank, 2020/02/20
- [PATCH v4 08/16] s390x: protvirt: Move STSI data over SIDAD, Janosch Frank, 2020/02/20
- [PATCH v4 09/16] s390x: protvirt: SCLP interpretation, Janosch Frank, 2020/02/20
- [PATCH v4 12/16] s390x: protvirt: Disable address checks for PV guest IO emulation, Janosch Frank, 2020/02/20
- [PATCH v4 14/16] s390x: protvirt: Handle SIGP store status correctly, Janosch Frank, 2020/02/20
- [PATCH v4 15/16] s390x: Add unpack feature to GA1, Janosch Frank, 2020/02/20
- [PATCH v4 16/16] docs: Add protvirt docs,
Janosch Frank <=
- [PATCH v4 13/16] s390x: protvirt: Move IO control structures over SIDA, Janosch Frank, 2020/02/20
- [PATCH v4 11/16] s390x: protvirt: Move diag 308 data over SIDAD, Janosch Frank, 2020/02/20
- [PATCH v4 10/16] s390x: protvirt: Set guest IPL PSW, Janosch Frank, 2020/02/20