Commit Graph

11 Commits

Author SHA1 Message Date
Daniel P. Berrangé
c23874132b docs: update to show preferred boolean syntax for -chardev
The preferred syntax is to use "foo=on|off", rather than a bare
"foo" or "nofoo".

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210216191027.595031-8-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
David Gibson
651615d92d s390: Recognize confidential-guest-support option
At least some s390 cpu models support "Protected Virtualization" (PV),
a mechanism to protect guests from eavesdropping by a compromised
hypervisor.

This is similar in function to other mechanisms like AMD's SEV and
POWER's PEF, which are controlled by the "confidential-guest-support"
machine option.  s390 is a slightly special case, because we already
supported PV, simply by using a CPU model with the required feature
(S390_FEAT_UNPACK).

To integrate this with the option used by other platforms, we
implement the following compromise:

 - When the confidential-guest-support option is set, s390 will
   recognize it, verify that the CPU can support PV (failing if not)
   and set virtio default options necessary for encrypted or protected
   guests, as on other platforms.  i.e. if confidential-guest-support
   is set, we will either create a guest capable of entering PV mode,
   or fail outright.

 - If confidential-guest-support is not set, guests might still be
   able to enter PV mode, if the CPU has the right model.  This may be
   a little surprising, but shouldn't actually be harmful.

To start a guest supporting Protected Virtualization using the new
option use the command line arguments:
    -object s390-pv-guest,id=pv0 -machine confidential-guest-support=pv0

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
2021-02-08 16:57:38 +11:00
Thomas Huth
70c04a7ca2 docs/system/s390x: Add a chapter about s390x boot devices
Booting on s390x is a little bit different compared to other architectures.
Let's add some information for people who are not yet used to this.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20200806150507.12073-1-thuth@redhat.com>
[CH: minor wording tweaks]
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-08-27 12:37:03 +02:00
Cornelia Huck
9ece07d7a3 docs/s390x: fix vfio-ccw type
Fix the type name in the mdevctl example.

Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Message-Id: <20200716145031.771476-1-cohuck@redhat.com>
2020-07-17 12:56:22 +02:00
Thomas Huth
2a84f48c2b docs/system/s390x: Improve the 3270 documentation
There is some additional information about the 3270 support in our Wiki
at https://wiki.qemu.org/Features/3270 - so let's include this information
into the main documentation now to have one single source of information
(the Wiki page could later be removed).

While at it, I also shortened the lines of the first example a little bit.
Otherwise they showed up with a horizontal scrollbar in my Firefox browser.

Message-Id: <20200713075112.442-1-thuth@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-07-13 11:40:52 +02:00
Christian Borntraeger
458e056257 docs/s390x: fix vfio-ap device_del description
device_del requires an id and not a sysfsfile.

Fixes: bac03ec72f ("s390x/vfio-ap: document hot plug/unplug of vfio-ap device")
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20200617160604.5593-1-borntraeger@de.ibm.com>
[CH: add missing '$']
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-06-18 12:14:06 +02:00
Cornelia Huck
8e75b83511 docs/s390x: document vfio-ccw
Add a basic example for passing a dasd via vfio-ccw.

Message-Id: <20200518075522.97643-1-cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-06-05 17:13:11 +02:00
Cornelia Huck
61a3d5eded docs/s390x: document 3270
Add some basic info how to use 3270 devices.

Message-Id: <20200515151518.83950-3-cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-06-05 17:13:11 +02:00
Cornelia Huck
f31270d4eb docs/s390x: document the virtual css
Add some hints about "devno" rules.

Message-Id: <20200515151518.83950-2-cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-06-05 17:13:11 +02:00
Janosch Frank
42fc5eae91 docs: system: Add protvirt docs
Let's add some documentation for the Protected VM functionality.

Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20200319131921.2367-16-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-04-29 14:31:32 +02:00
Cornelia Huck
f58f084e71 Documentation: create/move s390x documentation
Create a subdirectory for s390x under docs/system/ and move the
existing vfio-ap documentation there.

Create an initial document describing s390x system emulation.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20200318103940.1169-1-cohuck@redhat.com>
2020-03-23 12:36:27 +01:00