c3347ed0d2
The unpack facility provides the means to set up a protected guest. A protected guest cannot be introspected by the hypervisor or any user/administrator of the machine it is running on. Protected guests are encrypted at rest and need a special boot mechanism via diag308 subcodes 8 and 10. Code 8 sets the PV-specific IPLB, which is retained separately from those set via code 5. Code 10 is used to unpack the VM into protected memory, verify its integrity and start it. Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Co-developed-by: Christian Borntraeger <borntraeger@de.ibm.com> [Changes to machine] Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Message-Id: <20200323083606.24520-1-frankja@linux.ibm.com> [CH: fixed up KVM_PV_VM_ -> KVM_PV_] Signed-off-by: Cornelia Huck <cohuck@redhat.com>
/*
 * virtio ccw machine definitions
 *
 * Copyright 2012, 2016 IBM Corp.
 * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or (at
 * your option) any later version. See the COPYING file in the top-level
 * directory.
 */
#ifndef HW_S390X_S390_VIRTIO_CCW_H
#define HW_S390X_S390_VIRTIO_CCW_H
#include "hw/boards.h"
/* QOM type name of the s390 CCW machine. */
#define TYPE_S390_CCW_MACHINE "s390-ccw-machine"

/*
 * Cast a QOM object pointer to S390CcwMachineState via OBJECT_CHECK,
 * naming TYPE_S390_CCW_MACHINE as the expected type.
 */
#define S390_CCW_MACHINE(obj)                                           \
    OBJECT_CHECK(S390CcwMachineState, (obj), TYPE_S390_CCW_MACHINE)

/*
 * Cast a QOM class pointer to S390CcwMachineClass via OBJECT_CLASS_CHECK,
 * naming TYPE_S390_CCW_MACHINE as the expected type.
 */
#define S390_MACHINE_CLASS(klass)                                       \
    OBJECT_CLASS_CHECK(S390CcwMachineClass, (klass), TYPE_S390_CCW_MACHINE)
/*
 * Per-instance state of the s390 CCW machine.
 *
 * NOTE(review): the code that sets and reads these fields is not part of
 * this header; the field notes below are inferred from names and must be
 * confirmed against the users.
 */
typedef struct S390CcwMachineState S390CcwMachineState;

struct S390CcwMachineState {
    /*< private >*/
    /* Parent object; kept as the first member, as QOM casts expect. */
    MachineState parent_obj;

    /*< public >*/
    /* presumably: AES key wrapping is enabled for the guest - confirm */
    bool aes_key_wrap;
    /* presumably: DEA key wrapping is enabled for the guest - confirm */
    bool dea_key_wrap;
    /*
     * Protected virtualization flag.  Presumably true while the guest runs
     * as a protected guest (unpacked via diag308 subcode 10) - confirm.
     * It is a plain public bool: nothing in this header limits who writes
     * it, so verify that only the transition into and out of protected
     * mode changes it.
     */
    bool pv;
    /*
     * Fixed 8-byte load parameter.  With all 8 bytes in use there is no
     * room for a terminating NUL, so treat it as a bounded byte array and
     * not as a C string - TODO confirm encoding and padding.
     */
    uint8_t loadparm[8];
};
/*
 * Class-level settings of the s390 CCW machine.
 *
 * Each public flag shares its name with a query function declared in this
 * header (ri_allowed(), cpu_model_allowed(), css_migration_enabled(),
 * hpage_1m_allowed()); presumably those functions report these flags, but
 * their definitions are not visible here - confirm.
 */
typedef struct S390CcwMachineClass S390CcwMachineClass;

struct S390CcwMachineClass {
    /*< private >*/
    /* Parent class; kept as the first member, as QOM casts expect. */
    MachineClass parent_class;

    /*< public >*/
    /* runtime-instrumentation allowed by the machine */
    bool ri_allowed;
    /* cpu model allowed by the machine */
    bool cpu_model_allowed;
    /* (vmstate based) migration of the channel subsystem enabled */
    bool css_migration_enabled;
    /* 1M huge page mappings allowed by the machine */
    bool hpage_1m_allowed;
};
/*
 * Machine capability queries.  Only the declarations live in this header;
 * each function shares its name with a field of S390CcwMachineClass.
 */

/* Returns whether runtime-instrumentation is allowed by the machine. */
bool ri_allowed(void);

/* Returns whether the cpu model is allowed by the machine. */
bool cpu_model_allowed(void);

/* Returns whether 1M huge page mappings are allowed by the machine. */
bool hpage_1m_allowed(void);

/**
 * Returns true when (vmstate based) migration of the channel subsystem
 * is enabled and false when it is disabled.
 */
bool css_migration_enabled(void);
#endif