qemu/docs/system/s390x/protvirt.rst

Protected Virtualization on s390x
=================================

The memory and most of the registers of Protected Virtual Machines
(PVMs) are encrypted or inaccessible to the hypervisor, effectively
prohibiting VM introspection when the VM is running. At rest, PVMs are
encrypted and can only be decrypted by the firmware, represented by an
entity called Ultravisor, of specific IBM Z machines.


Prerequisites
-------------

To run PVMs, a machine with the Protected Virtualization feature, as
indicated by the Ultravisor Call facility (stfle bit 158), is
required. The Ultravisor needs to be initialized at boot by setting
``prot_virt=1`` on the host's kernel command line.

Running PVMs requires using the KVM hypervisor.

If those requirements are met, the capability ``KVM_CAP_S390_PROTECTED``
will indicate that KVM can support PVMs on that LPAR.


Running a Protected Virtual Machine
-----------------------------------

To run a PVM you will need to select a CPU model which includes the
``Unpack facility`` (stfle bit 161 represented by the feature
``unpack``/``S390_FEAT_UNPACK``), and add these options to the command line::

    -object s390-pv-guest,id=pv0 \
    -machine confidential-guest-support=pv0

Adding these options will:

* Ensure the ``unpack`` facility is available
* Enable the IOMMU by default for all I/O devices
* Initialize the PV mechanism

Passthrough (vfio) devices are currently not supported.

Host huge page backings are not supported. However guests can use huge
pages as indicated by its facilities.


Boot Process
------------

A secure guest image can either be loaded from disk or supplied on the
QEMU command line. Booting from disk is done by the unmodified
s390-ccw BIOS. I.e., the bootmap is interpreted, multiple components
are read into memory and control is transferred to one of the
components (zipl stage3). Stage3 does some fixups and then transfers
control to some program residing in guest memory, which is normally
the OS kernel. The secure image has another component prepended
(stage3a) that uses the new diag308 subcodes 8 and 10 to trigger the
transition into secure mode.

Booting from the image supplied on the QEMU command line requires that
the file passed via -kernel has the same memory layout as would result
from the disk boot. This memory layout includes the encrypted
components (kernel, initrd, cmdline), the stage3a loader and
metadata. In case this boot method is used, the command line
options -initrd and -cmdline are ineffective. The preparation of a PVM
image is done via the ``genprotimg`` tool from the s390-tools
collection.
docs: system: Add protvirt docs Let's add some documentation for the Protected VM functionality. Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Acked-by: David Hildenbrand <david@redhat.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <20200319131921.2367-16-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com> 2020-03-19 21:19:20 +08:00			`Protected Virtualization on s390x`
			`=================================`

			`The memory and most of the registers of Protected Virtual Machines`
			`(PVMs) are encrypted or inaccessible to the hypervisor, effectively`
			`prohibiting VM introspection when the VM is running. At rest, PVMs are`
			`encrypted and can only be decrypted by the firmware, represented by an`
			`entity called Ultravisor, of specific IBM Z machines.`


			`Prerequisites`
			`-------------`

			`To run PVMs, a machine with the Protected Virtualization feature, as`
			`indicated by the Ultravisor Call facility (stfle bit 158), is`
			`required. The Ultravisor needs to be initialized at boot by setting`
docs/system/s390x/protvirt.rst: Format literals correctly In rST markup, single backticks `like this` represent "interpreted text", which can be handled as a bunch of different things if tagged with a specific "role": https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text (the most common one for us is "reference to a URL, which gets hyperlinked"). The default "role" if none is specified is "title_reference", intended for references to book or article titles, and it renders into the HTML as <cite>...</cite> (usually comes out as italics). To format a literal (generally rendered as fixed-width font), double-backticks are required. protvirt.rst consistently uses single backticks when double backticks are required; correct it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Cornelia Huck <cohuck@redhat.com> Message-id: 20210726142338.31872-7-peter.maydell@linaro.org 2021-07-26 22:23:34 +08:00			``prot_virt=1`` on the host's kernel command line.
docs: system: Add protvirt docs Let's add some documentation for the Protected VM functionality. Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Acked-by: David Hildenbrand <david@redhat.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <20200319131921.2367-16-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com> 2020-03-19 21:19:20 +08:00
			`Running PVMs requires using the KVM hypervisor.`

docs/system/s390x/protvirt.rst: Format literals correctly In rST markup, single backticks `like this` represent "interpreted text", which can be handled as a bunch of different things if tagged with a specific "role": https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text (the most common one for us is "reference to a URL, which gets hyperlinked"). The default "role" if none is specified is "title_reference", intended for references to book or article titles, and it renders into the HTML as <cite>...</cite> (usually comes out as italics). To format a literal (generally rendered as fixed-width font), double-backticks are required. protvirt.rst consistently uses single backticks when double backticks are required; correct it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Cornelia Huck <cohuck@redhat.com> Message-id: 20210726142338.31872-7-peter.maydell@linaro.org 2021-07-26 22:23:34 +08:00			If those requirements are met, the capability ``KVM_CAP_S390_PROTECTED``
docs: system: Add protvirt docs Let's add some documentation for the Protected VM functionality. Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Acked-by: David Hildenbrand <david@redhat.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <20200319131921.2367-16-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com> 2020-03-19 21:19:20 +08:00			`will indicate that KVM can support PVMs on that LPAR.`


s390: Recognize confidential-guest-support option At least some s390 cpu models support "Protected Virtualization" (PV), a mechanism to protect guests from eavesdropping by a compromised hypervisor. This is similar in function to other mechanisms like AMD's SEV and POWER's PEF, which are controlled by the "confidential-guest-support" machine option. s390 is a slightly special case, because we already supported PV, simply by using a CPU model with the required feature (S390_FEAT_UNPACK). To integrate this with the option used by other platforms, we implement the following compromise: - When the confidential-guest-support option is set, s390 will recognize it, verify that the CPU can support PV (failing if not) and set virtio default options necessary for encrypted or protected guests, as on other platforms. i.e. if confidential-guest-support is set, we will either create a guest capable of entering PV mode, or fail outright. - If confidential-guest-support is not set, guests might still be able to enter PV mode, if the CPU has the right model. This may be a little surprising, but shouldn't actually be harmful. To start a guest supporting Protected Virtualization using the new option use the command line arguments: -object s390-pv-guest,id=pv0 -machine confidential-guest-support=pv0 Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> 2020-07-23 12:36:45 +08:00			`Running a Protected Virtual Machine`
			`-----------------------------------`
docs: system: Add protvirt docs Let's add some documentation for the Protected VM functionality. Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Acked-by: David Hildenbrand <david@redhat.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <20200319131921.2367-16-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com> 2020-03-19 21:19:20 +08:00
s390: Recognize confidential-guest-support option At least some s390 cpu models support "Protected Virtualization" (PV), a mechanism to protect guests from eavesdropping by a compromised hypervisor. This is similar in function to other mechanisms like AMD's SEV and POWER's PEF, which are controlled by the "confidential-guest-support" machine option. s390 is a slightly special case, because we already supported PV, simply by using a CPU model with the required feature (S390_FEAT_UNPACK). To integrate this with the option used by other platforms, we implement the following compromise: - When the confidential-guest-support option is set, s390 will recognize it, verify that the CPU can support PV (failing if not) and set virtio default options necessary for encrypted or protected guests, as on other platforms. i.e. if confidential-guest-support is set, we will either create a guest capable of entering PV mode, or fail outright. - If confidential-guest-support is not set, guests might still be able to enter PV mode, if the CPU has the right model. This may be a little surprising, but shouldn't actually be harmful. To start a guest supporting Protected Virtualization using the new option use the command line arguments: -object s390-pv-guest,id=pv0 -machine confidential-guest-support=pv0 Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> 2020-07-23 12:36:45 +08:00			`To run a PVM you will need to select a CPU model which includes the`
docs/system/s390x/protvirt.rst: Format literals correctly In rST markup, single backticks `like this` represent "interpreted text", which can be handled as a bunch of different things if tagged with a specific "role": https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text (the most common one for us is "reference to a URL, which gets hyperlinked"). The default "role" if none is specified is "title_reference", intended for references to book or article titles, and it renders into the HTML as <cite>...</cite> (usually comes out as italics). To format a literal (generally rendered as fixed-width font), double-backticks are required. protvirt.rst consistently uses single backticks when double backticks are required; correct it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Cornelia Huck <cohuck@redhat.com> Message-id: 20210726142338.31872-7-peter.maydell@linaro.org 2021-07-26 22:23:34 +08:00			``Unpack facility`` (stfle bit 161 represented by the feature
			``unpack``/``S390_FEAT_UNPACK``), and add these options to the command line::
s390: Recognize confidential-guest-support option At least some s390 cpu models support "Protected Virtualization" (PV), a mechanism to protect guests from eavesdropping by a compromised hypervisor. This is similar in function to other mechanisms like AMD's SEV and POWER's PEF, which are controlled by the "confidential-guest-support" machine option. s390 is a slightly special case, because we already supported PV, simply by using a CPU model with the required feature (S390_FEAT_UNPACK). To integrate this with the option used by other platforms, we implement the following compromise: - When the confidential-guest-support option is set, s390 will recognize it, verify that the CPU can support PV (failing if not) and set virtio default options necessary for encrypted or protected guests, as on other platforms. i.e. if confidential-guest-support is set, we will either create a guest capable of entering PV mode, or fail outright. - If confidential-guest-support is not set, guests might still be able to enter PV mode, if the CPU has the right model. This may be a little surprising, but shouldn't actually be harmful. To start a guest supporting Protected Virtualization using the new option use the command line arguments: -object s390-pv-guest,id=pv0 -machine confidential-guest-support=pv0 Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> 2020-07-23 12:36:45 +08:00
			`-object s390-pv-guest,id=pv0 \`
			`-machine confidential-guest-support=pv0`

			`Adding these options will:`

docs/system/s390x/protvirt.rst: Format literals correctly In rST markup, single backticks `like this` represent "interpreted text", which can be handled as a bunch of different things if tagged with a specific "role": https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text (the most common one for us is "reference to a URL, which gets hyperlinked"). The default "role" if none is specified is "title_reference", intended for references to book or article titles, and it renders into the HTML as <cite>...</cite> (usually comes out as italics). To format a literal (generally rendered as fixed-width font), double-backticks are required. protvirt.rst consistently uses single backticks when double backticks are required; correct it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Cornelia Huck <cohuck@redhat.com> Message-id: 20210726142338.31872-7-peter.maydell@linaro.org 2021-07-26 22:23:34 +08:00			* Ensure the ``unpack`` facility is available
s390: Recognize confidential-guest-support option At least some s390 cpu models support "Protected Virtualization" (PV), a mechanism to protect guests from eavesdropping by a compromised hypervisor. This is similar in function to other mechanisms like AMD's SEV and POWER's PEF, which are controlled by the "confidential-guest-support" machine option. s390 is a slightly special case, because we already supported PV, simply by using a CPU model with the required feature (S390_FEAT_UNPACK). To integrate this with the option used by other platforms, we implement the following compromise: - When the confidential-guest-support option is set, s390 will recognize it, verify that the CPU can support PV (failing if not) and set virtio default options necessary for encrypted or protected guests, as on other platforms. i.e. if confidential-guest-support is set, we will either create a guest capable of entering PV mode, or fail outright. - If confidential-guest-support is not set, guests might still be able to enter PV mode, if the CPU has the right model. This may be a little surprising, but shouldn't actually be harmful. To start a guest supporting Protected Virtualization using the new option use the command line arguments: -object s390-pv-guest,id=pv0 -machine confidential-guest-support=pv0 Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> 2020-07-23 12:36:45 +08:00			`* Enable the IOMMU by default for all I/O devices`
			`* Initialize the PV mechanism`
docs: system: Add protvirt docs Let's add some documentation for the Protected VM functionality. Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Acked-by: David Hildenbrand <david@redhat.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <20200319131921.2367-16-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com> 2020-03-19 21:19:20 +08:00
			`Passthrough (vfio) devices are currently not supported.`

			`Host huge page backings are not supported. However guests can use huge`
			`pages as indicated by its facilities.`


			`Boot Process`
			`------------`

			`A secure guest image can either be loaded from disk or supplied on the`
			`QEMU command line. Booting from disk is done by the unmodified`
			`s390-ccw BIOS. I.e., the bootmap is interpreted, multiple components`
			`are read into memory and control is transferred to one of the`
			`components (zipl stage3). Stage3 does some fixups and then transfers`
			`control to some program residing in guest memory, which is normally`
			`the OS kernel. The secure image has another component prepended`
			`(stage3a) that uses the new diag308 subcodes 8 and 10 to trigger the`
			`transition into secure mode.`

			`Booting from the image supplied on the QEMU command line requires that`
			`the file passed via -kernel has the same memory layout as would result`
			`from the disk boot. This memory layout includes the encrypted`
			`components (kernel, initrd, cmdline), the stage3a loader and`
			`metadata. In case this boot method is used, the command line`
			`options -initrd and -cmdline are ineffective. The preparation of a PVM`
docs/system/s390x/protvirt.rst: Format literals correctly In rST markup, single backticks `like this` represent "interpreted text", which can be handled as a bunch of different things if tagged with a specific "role": https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text (the most common one for us is "reference to a URL, which gets hyperlinked"). The default "role" if none is specified is "title_reference", intended for references to book or article titles, and it renders into the HTML as <cite>...</cite> (usually comes out as italics). To format a literal (generally rendered as fixed-width font), double-backticks are required. protvirt.rst consistently uses single backticks when double backticks are required; correct it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Cornelia Huck <cohuck@redhat.com> Message-id: 20210726142338.31872-7-peter.maydell@linaro.org 2021-07-26 22:23:34 +08:00			image is done via the ``genprotimg`` tool from the s390-tools
docs: system: Add protvirt docs Let's add some documentation for the Protected VM functionality. Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Acked-by: David Hildenbrand <david@redhat.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <20200319131921.2367-16-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com> 2020-03-19 21:19:20 +08:00			`collection.`