xemu/docs
David Gibson 651615d92d s390: Recognize confidential-guest-support option
At least some s390 cpu models support "Protected Virtualization" (PV),
a mechanism to protect guests from eavesdropping by a compromised
hypervisor.

This is similar in function to other mechanisms like AMD's SEV and
POWER's PEF, which are controlled by the "confidential-guest-support"
machine option.  s390 is a slightly special case, because we already
supported PV, simply by using a CPU model with the required feature
(S390_FEAT_UNPACK).

To integrate this with the option used by other platforms, we
implement the following compromise:

 - When the confidential-guest-support option is set, s390 will
   recognize it, verify that the CPU can support PV (failing if not)
   and set virtio default options necessary for encrypted or protected
   guests, as on other platforms.  i.e. if confidential-guest-support
   is set, we will either create a guest capable of entering PV mode,
   or fail outright.

 - If confidential-guest-support is not set, guests might still be
   able to enter PV mode, if the CPU has the right model.  This may be
   a little surprising, but shouldn't actually be harmful.

To start a guest supporting Protected Virtualization using the new
option use the command line arguments:
    -object s390-pv-guest,id=pv0 -machine confidential-guest-support=pv0

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
2021-02-08 16:57:38 +11:00
_templates docs: add "page source" link to sphinx documentation 2020-11-10 08:51:30 +01:00
config
devel trace: update docs with meson build information 2021-02-01 11:23:04 +00:00
interop docs/interop/qmp-spec: Document the request queue limit 2021-02-04 13:20:29 +01:00
specs pvpanic : update pvpanic spec document 2021-01-29 10:47:28 +00:00
sphinx Revert "docs: temporarily disable the kernel-doc extension" 2020-12-10 12:15:25 -05:00
spin
system s390: Recognize confidential-guest-support option 2021-02-08 16:57:38 +11:00
tools docs: Build and install all the docs in a single manual 2021-01-19 15:45:14 +00:00
user docs: Build and install all the docs in a single manual 2021-01-19 15:45:14 +00:00
amd-memory-encryption.txt confidential guest support: Update documentation 2021-02-08 16:57:38 +11:00
barrier.txt ui: add an embedded Barrier client 2019-09-17 13:43:22 +02:00
block-replication.txt colo: Update Documentation for continuous replication 2020-03-03 18:04:47 +08:00
bootindex.txt
can.txt docs: Fix some typos (found by codespell) 2020-11-18 09:29:41 +01:00
ccid.txt
COLO-FT.txt docs/: fix some comment spelling errors 2020-09-17 20:37:13 +02:00
colo-proxy.txt
conf.py docs: Build and install all the docs in a single manual 2021-01-19 15:45:14 +00:00
confidential-guest-support.txt s390: Recognize confidential-guest-support option 2021-02-08 16:57:38 +11:00
defs.rst.inc docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
generic-loader.txt
hyperv.txt i386/kvm: correct the meaning of '0xffffffff' value for hv-spinlocks 2020-09-18 13:49:54 -04:00
igd-assign.txt
image-fuzzer.txt
index.rst docs/index.rst, docs/index.html.in: Reorder manuals 2020-03-12 11:14:06 +00:00
memory-hotplug.txt
meson.build docs: Build and install all the docs in a single manual 2021-01-19 15:45:14 +00:00
multi-thread-compression.txt
multiseat.txt
nvdimm.txt nvdimm: check -object memory-backend-file, readonly=on option 2021-02-01 17:07:34 -05:00
papr-pef.txt spapr: Add PEF based confidential guest support 2021-02-08 16:57:38 +11:00
pci_expander_bridge.txt
pcie_pci_bridge.txt
pcie.txt
pvrdma.txt docs: Fix broken links 2020-09-01 09:31:33 +02:00
qcow2-cache.txt qcow2: Document the Extended L2 Entries feature 2020-08-25 08:33:20 +02:00
qdev-device-use.txt docs/qdev-device-use: Don't suggest -drive and -net can do USB 2020-09-03 09:58:39 +02:00
qemu_logo.pdf
qemu-option-trace.rst.inc qemu-option-trace.rst.inc: Don't use option:: markup 2020-11-02 16:52:18 +00:00
qemupciserial.inf
rdma.txt docs/: fix some comment spelling errors 2020-09-17 20:37:13 +02:00
replay.txt docs: Fix some typos (found by codespell) 2020-11-18 09:29:41 +01:00
spice-port-fqdn.txt
throttle.txt docs: Document the throttle block filter 2020-10-02 15:46:40 +02:00
u2f.txt hw/usb: Add U2F device autoscan to passthru mode 2020-08-31 08:23:39 +02:00
usb2.txt
usb-storage.txt
virtio-balloon-stats.txt
xbzrle.txt docs/xbzrle: update 'cache miss rate' and 'encoding rate' to docs 2020-06-17 17:48:39 +01:00
xen-save-devices-state.txt