Lines Matching +full:inside +full:- +full:secure
5 The Power machine para-virtualized environment described by the Linux on Power
18 - POWER7, POWER7+
19 - POWER8, POWER8NVL
20 - POWER9
21 - Power10
22 - Power11
23 - Support for POWER5+ also exists, works with correct kernel/userspace
25 - XICS (POWER8)
26 - XIVE (Supported by below:)
27 - POWER9
28 - Power10
29 - Power11
47 implementation of the `IEEE 1275-1994, Standard for Boot (Initialization
49 <https://standards.ieee.org/standard/1275-1994.html>`_.
58 ``-machine pseries,x-vof=on``. When enabled, the firmware acts as a slim
62 relies on ``-kernel`` used with Linux kernels recent enough (v5.4+)
65 Booting via ``-kernel`` supports the following:
67 +-------------------+-------------------+------------------+
68 | kernel | pseries,x-vof=off | pseries,x-vof=on |
71 +-------------------+-------------------+------------------+
73 +-------------------+-------------------+------------------+
75 +-------------------+-------------------+------------------+
77 +-------------------+-------------------+------------------+
79 ¹ must set kernel-addr=0
84 .. code-block:: bash
86 ./configure --target-list=ppc64-softmmu && make
94 .. code-block:: bash
96 qemu-system-ppc64 -M pseries <other QEMU arguments>
101 The sPAPR specification defines a set of para-virtualized devices, which are
103 ``-device`` option:
105 * ``spapr-vlan`` : a virtual network interface.
106 * ``spapr-vscsi`` : a virtual SCSI disk interface.
107 * ``spapr-rng`` : a pseudo-device for passing random number generator data to the
110 * ``spapr-vty``: a virtual teletype.
111 * ``spapr-pci-host-bridge``: a PCI host bridge.
112 * ``tpm-spapr``: a Trusted Platform Module (TPM).
113 * ``spapr-tpm-proxy``: a TPM proxy.
119 hypervisor and non-Linux guests in mind, you should use the virtio counterparts
120 (virtio-net, virtio-blk/scsi and virtio-rng for instance) if possible instead,
126 * A NVRAM device (``spapr-nvram``).
127 * A virtual teletype (``spapr-vty``).
128 * A PCI host bridge (``spapr-pci-host-bridge``).
130 Hence, it is not needed to add them manually, unless you use the ``-nodefaults``
133 In the case of the default ``spapr-nvram`` device, if someone wants to make the
136 ``-drive if=pflash,file=<filename>,format=raw`` to set the default PFLASH
138 (``-drive if=none,file=<filename>,format=raw,id=pfid``) and pass that ID to the
139 NVRAM device with ``-global spapr-nvram.drive=pfid``.
142 -------------------
151 ../../specs/ppc-spapr-hotplug.rst
152 ../../specs/ppc-spapr-hcalls.rst
153 ../../specs/ppc-spapr-numa.rst
154 ../../specs/ppc-spapr-uv-hcalls.rst
155 ../../specs/ppc-spapr-xive.rst
157 Switching between the KVM-PR and KVM-HV kernel module
165 possible to switch between the two modes with the ``kvm-type`` parameter:
167 * Use ``qemu-system-ppc64 -M pseries,accel=kvm,kvm-type=PR`` to use the
169 * Use ``qemu-system-ppc64 -M pseries,accel=kvm,kvm-type=HV`` to use ``kvm_hv.ko``
172 KVM-PR
173 ------
175 KVM-PR uses the so-called **PR**\ oblem state of the PPC CPUs to run the guests,
177 trap and have to be emulated by the host. That means you can run KVM-PR inside
184 privileged instructions run quite slow with KVM-PR. On the other hand, because
189 As KVM-PR can be run inside a pSeries guest, it can also provide nested
192 It is important to notice that, as KVM-HV provides a much better execution
194 years. Maintenance for KVM-PR has been minimal.
196 In order to run KVM-PR guests with POWER9 processors, someone will need to start
199 KVM-HV
200 ------
202 KVM-HV uses the hypervisor mode of more recent Power processors, that allow
206 Originally, KVM-HV was only available when running on a PowerNV platform (a.k.a.
209 hypervisor mode of the Power CPU, it wasn't possible to run KVM-HV on a guest.
210 This limitation has been lifted, and now it is possible to run KVM-HV inside
211 pSeries guests as well, making nested virtualization possible with KVM-HV.
213 As KVM-HV has access to privileged instructions, guests that use a lot of these
214 can run much faster than with KVM-PR. On the other hand, the guest CPU has to be
216 embedded PPC CPU for the guest with KVM-HV. However, there is at least the
217 possibility to run the guest in a backward-compatibility mode of the previous
219 ``-cpu POWER8,compat=power7`` as parameter to QEMU.
226 run. As long as you are in a supported environment, you can run KVM-PR or KVM-HV
229 +--------------+------------+------+-------------------+----------+--------+
230 | Platform | Host type | Bits | Page table format | KVM-HV | KVM-PR |
233 | | | +-------------------+----------+--------+
235 | | +------+-------------------+----------+--------+
237 | | | +-------------------+----------+--------+
239 +--------------+------------+------+-------------------+----------+--------+
241 | | | +-------------------+----------+--------+
243 | | +------+-------------------+----------+--------+
245 | | | +-------------------+----------+--------+
247 | +------------+------+-------------------+----------+--------+
249 | | | +-------------------+----------+--------+
251 | | +------+-------------------+----------+--------+
253 | | | +-------------------+----------+--------+
255 +--------------+------------+------+-------------------+----------+--------+
260 .. [2] KVM-HV cannot run nested on POWER8 machines.
265 .. _power-papr-protected-execution-facility-pef:
268 -----------------------------------------------
270 Protected Execution Facility (PEF), also known as Secure Guest support
275 pool of secure memory which cannot be accessed by the hypervisor.
278 enter "secure mode". This transfers most of its memory to secure
284 To launch a guest which will be permitted to enter PEF secure mode::
286 $ qemu-system-ppc64 \
287 -object pef-guest,id=pef0 \
288 -machine confidential-guest-support=pef0 \
296 enabled, whether or not the guest has actually entered secure mode.
307 2.9 <https://openpowerfoundation.org/wp-content/uploads/2020/07/LoPAR-20200812.pdf>`_.