From: David Gibson
Subject: Re: [for-6.0 v5 13/13] s390: Recognize securable-guest-memory option
Date: Thu, 17 Dec 2020 16:54:42 +1100

On Tue, Dec 15, 2020 at 12:45:26PM +0100, Cornelia Huck wrote:
> On Fri, 4 Dec 2020 16:44:15 +1100
> David Gibson <david@gibson.dropbear.id.au> wrote:
>
> > At least some s390 cpu models support "Protected Virtualization" (PV),
> > a mechanism to protect guests from eavesdropping by a compromised
> > hypervisor.
> >
> > This is similar in function to other mechanisms like AMD's SEV and
> > POWER's PEF, which are controlled bythe "securable-guest-memory" machine
>
> s/bythe/by the/
>
> > option. s390 is a slightly special case, because we already supported
> > PV, simply by using a CPU model with the required feature
> > (S390_FEAT_UNPACK).
> >
> > To integrate this with the option used by other platforms, we
> > implement the following compromise:
> >
> > - When the securable-guest-memory option is set, s390 will recognize it,
> > verify that the CPU can support PV (failing if not) and set virtio
> > default options necessary for encrypted or protected guests, as on
> > other platforms. i.e. if securable-guest-memory is set, we will
> > either create a guest capable of entering PV mode, or fail outright
>
> s/outright/outright./
>
> >
> > - If securable-guest-memory is not set, guest's might still be able to
>
> s/guest's/guests/

All those corrected, thanks.

> > enter PV mode, if the CPU has the right model. This may be a
> > little surprising, but shouldn't actually be harmful.
> >
> > To start a guest supporting Protected Virtualization using the new
> > option use the command line arguments:
> > -object s390-pv-guest,id=pv0 -machine securable-guest-memory=pv0
> >
> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> > ---
> > hw/s390x/pv.c | 58 +++++++++++++++++++++++++++++++++++++++++++
> > include/hw/s390x/pv.h | 1 +
> > target/s390x/kvm.c | 3 +++
> > 3 files changed, 62 insertions(+)
> >
>
> Modulo any naming changes etc., I think this should work for s390. I
> don't have the hardware to test this, however, and would appreciate
> someone with a PV setup giving this a go.

Makes sense.

--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
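
The two cases in the quoted commit message, written as a check over a QEMU argument list. This is an added example, not code from the patch or from QEMU: the function names and the three state labels are hypothetical, and it assumes that the value of `securable-guest-memory` is the `id` of an `s390-pv-guest` object, as in the command line quoted above. QEMU's `,,` comma escaping is not handled.

```shell
#!/bin/sh
# kv_get KEY OPTSTRING: print the value of KEY in a comma-separated
# QEMU option string such as "s390-pv-guest,id=pv0" (empty if absent).
kv_get() {
    printf '%s\n' "$2" | tr ',' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# pv_option_state ARGV...: print one of (labels are hypothetical)
#   pv-or-fail          option set and resolves to an s390-pv-guest object:
#                       the guest can enter PV mode or startup fails
#   cpu-model-dependent option not set: PV depends only on the CPU model
#   dangling-reference  option names an id with no s390-pv-guest object
#                       in this argument list
# The body runs in a subshell so its variables do not leak to the caller.
pv_option_state() (
    pv_ids=""
    sgm_id=""
    while [ $# -gt 0 ]; do
        case "$1" in
        -object|--object)
            case "${2-}" in
            s390-pv-guest,*) pv_ids="$pv_ids $(kv_get id "$2")" ;;
            esac ;;
        -machine|--machine|-M)
            v=$(kv_get securable-guest-memory "${2-}")
            if [ -n "$v" ]; then sgm_id=$v; fi ;;
        esac
        shift
    done
    state=dangling-reference
    if [ -z "$sgm_id" ]; then state=cpu-model-dependent; fi
    for id in $pv_ids; do
        if [ "$id" = "$sgm_id" ]; then state=pv-or-fail; fi
    done
    echo "$state"
)

# Constructed sample: the command line from the commit message.
pv_option_state -object s390-pv-guest,id=pv0 -machine securable-guest-memory=pv0
```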