xref: /openbmc/qemu/docs/system/s390x/protvirt.rst (revision 6fdc5bc1)
1Protected Virtualization on s390x
2=================================
3
4The memory and most of the registers of Protected Virtual Machines
5(PVMs) are encrypted or inaccessible to the hypervisor, effectively
6prohibiting VM introspection when the VM is running. At rest, PVMs are
7encrypted and can only be decrypted by the firmware, represented by an
8entity called Ultravisor, of specific IBM Z machines.
9
10
11Prerequisites
12-------------
13
14To run PVMs, a machine with the Protected Virtualization feature, as
15indicated by the Ultravisor Call facility (stfle bit 158), is
16required. The Ultravisor needs to be initialized at boot by setting
17``prot_virt=1`` on the host's kernel command line.
18
19Running PVMs requires using the KVM hypervisor.
20
21If those requirements are met, the capability ``KVM_CAP_S390_PROTECTED``
22will indicate that KVM can support PVMs on that LPAR.
23
24
25Running a Protected Virtual Machine
26-----------------------------------
27
28To run a PVM you will need to select a CPU model which includes the
29``Unpack facility`` (stfle bit 161 represented by the feature
30``unpack``/``S390_FEAT_UNPACK``), and add these options to the command line::
31
32    -object s390-pv-guest,id=pv0 \
33    -machine confidential-guest-support=pv0
34
35Adding these options will:
36
37* Ensure the ``unpack`` facility is available
38* Enable the IOMMU by default for all I/O devices
39* Initialize the PV mechanism
40
41Passthrough (vfio) devices are currently not supported.
42
43Host huge page backings are not supported. However guests can use huge
44pages as indicated by its facilities.
45
46
47Boot Process
48------------
49
50A secure guest image can either be loaded from disk or supplied on the
51QEMU command line. Booting from disk is done by the unmodified
52s390-ccw BIOS. I.e., the bootmap is interpreted, multiple components
53are read into memory and control is transferred to one of the
54components (zipl stage3). Stage3 does some fixups and then transfers
55control to some program residing in guest memory, which is normally
56the OS kernel. The secure image has another component prepended
57(stage3a) that uses the new diag308 subcodes 8 and 10 to trigger the
58transition into secure mode.
59
60Booting from the image supplied on the QEMU command line requires that
61the file passed via -kernel has the same memory layout as would result
62from the disk boot. This memory layout includes the encrypted
63components (kernel, initrd, cmdline), the stage3a loader and
64metadata. In case this boot method is used, the command line
65options -initrd and -cmdline are ineffective. The preparation of a PVM
66image is done via the ``genprotimg`` tool from the s390-tools
67collection.
68