qemu/docs/system
David Gibson 651615d92d s390: Recognize confidential-guest-support option
At least some s390 cpu models support "Protected Virtualization" (PV),
a mechanism to protect guests from eavesdropping by a compromised
hypervisor.

This is similar in function to other mechanisms like AMD's SEV and
POWER's PEF, which are controlled by the "confidential-guest-support"
machine option.  s390 is a slightly special case, because we already
supported PV, simply by using a CPU model with the required feature
(S390_FEAT_UNPACK).

To integrate this with the option used by other platforms, we
implement the following compromise:

 - When the confidential-guest-support option is set, s390 will
   recognize it, verify that the CPU can support PV (failing if not)
   and set virtio default options necessary for encrypted or protected
   guests, as on other platforms.  i.e. if confidential-guest-support
   is set, we will either create a guest capable of entering PV mode,
   or fail outright.

 - If confidential-guest-support is not set, guests might still be
   able to enter PV mode, if the CPU has the right model.  This may be
   a little surprising, but shouldn't actually be harmful.

To start a guest supporting Protected Virtualization using the new
option use the command line arguments:
    -object s390-pv-guest,id=pv0 -machine confidential-guest-support=pv0

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
2021-02-08 16:57:38 +11:00
..
_templates docs: add "page source" link to sphinx documentation 2020-11-10 08:51:30 +01:00
arm arm-virt: add secure pl061 for reset/power down 2021-01-29 10:47:28 +00:00
i386 docs: Move microvm.rst into the system manual 2020-11-23 11:10:04 +00:00
s390x s390: Recognize confidential-guest-support option 2021-02-08 16:57:38 +11:00
build-platforms.rst docs: simplify and clarify the platform support rules 2021-01-29 17:07:53 +00:00
cpu-hotplug.rst docs: Move cpu-hotplug.rst into the system manual 2020-11-23 11:07:41 +00:00
cpu-models-mips.rst.inc docs/system: Update MIPS CPU documentation 2020-10-17 13:59:40 +02:00
cpu-models-x86.rst.inc qemu-cpu-models.rst: Document -noTSX, mds-no, taa-no, and tsx-ctrl 2020-03-16 23:02:25 +01:00
deprecated.rst hw/i386: Remove the deprecated pc-1.x machine types 2021-02-05 08:52:59 -05:00
device-url-syntax.rst.inc manual: escape backslashes in "parsed-literal" blocks 2020-09-16 10:52:34 +02:00
gdb.rst docs: Get rid of the weird _005f links in the man page 2020-11-20 13:19:08 +01:00
images.rst docs: Get rid of the weird _005f links in the man page 2020-11-20 13:19:08 +01:00
index.rst docs/system: Move the list of removed features to a separate file 2020-12-15 12:52:02 -05:00
invocation.rst docs: Split out sections for the manpage into .rst.inc files 2020-03-06 11:06:55 +00:00
ivshmem.rst docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
keys.rst docs: Split out sections for the manpage into .rst.inc files 2020-03-06 11:06:55 +00:00
keys.rst.inc docs: Split out sections for the manpage into .rst.inc files 2020-03-06 11:06:55 +00:00
license.rst docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
linuxboot.rst docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
managed-startup.rst docs/system: convert managed startup to rST. 2020-03-06 10:05:12 +00:00
monitor.rst docs: Get rid of the weird _005f links in the man page 2020-11-20 13:19:08 +01:00
mux-chardev.rst docs: Get rid of the weird _005f links in the man page 2020-11-20 13:19:08 +01:00
mux-chardev.rst.inc docs: Split out sections for the manpage into .rst.inc files 2020-03-06 11:06:55 +00:00
net.rst docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
pr-manager.rst docs/system/pr-manager.rst: Fix minor docs nits 2020-11-23 11:10:04 +00:00
qemu-block-drivers.rst docs: Create defs.rst.inc as a place to define substitutions 2020-03-06 10:04:58 +00:00
qemu-block-drivers.rst.inc block: introduce preallocate filter 2020-12-18 12:35:55 +01:00
qemu-cpu-models.rst docs/system: Convert qemu-cpu-models.texi to rST 2020-03-06 10:05:12 +00:00
qemu-manpage.rst docs: Generate qemu.1 manpage with Sphinx 2020-03-06 11:06:55 +00:00
quickstart.rst docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
removed-features.rst hw/i386: Remove the deprecated pc-1.x machine types 2021-02-05 08:52:59 -05:00
security.rst docs/system: Convert security.texi to rST format 2020-03-06 10:05:12 +00:00
target-arm.rst docs/system: arm: Add sabrelite board description 2021-01-08 15:13:39 +00:00
target-avr.rst docs/: fix some comment spelling errors 2020-09-17 20:37:13 +02:00
target-i386-desc.rst.inc pcspk: update docs/system/target-i386-desc.rst.inc 2020-07-06 17:01:11 +02:00
target-i386.rst docs: Move microvm.rst into the system manual 2020-11-23 11:10:04 +00:00
target-m68k.rst docs: Roll semihosting option information into qemu-options.hx 2020-03-06 10:05:12 +00:00
target-mips.rst docs/system: Update MIPS machine documentation 2021-01-04 23:36:03 +01:00
target-ppc.rst docs: Roll -prom-env and -g target-specific info into qemu-options.hx 2020-03-06 10:05:18 +00:00
target-rx.rst docs: Document the RX target 2020-06-22 18:37:12 +02:00
target-s390x.rst docs/system/s390x: Add a chapter about s390x boot devices 2020-08-27 12:37:03 +02:00
target-sparc64.rst docs: Roll -prom-env and -g target-specific info into qemu-options.hx 2020-03-06 10:05:18 +00:00
target-sparc.rst docs: Roll -prom-env and -g target-specific info into qemu-options.hx 2020-03-06 10:05:18 +00:00
target-xtensa.rst docs: Roll semihosting option information into qemu-options.hx 2020-03-06 10:05:12 +00:00
targets.rst target/avr: Add section into QEMU documentation 2020-07-11 11:02:05 +02:00
tls.rst docs: fix missing backslash in certtool shell example 2021-01-29 17:07:53 +00:00
usb.rst docs: Get rid of the weird _005f links in the man page 2020-11-20 13:19:08 +01:00
virtio-net-failover.rst docs: Move virtio-net-failover.rst into the system manual 2020-11-23 11:07:41 +00:00
virtio-pmem.rst docs/system/virtio-pmem.rst: Fix minor style issues 2020-11-23 11:07:41 +00:00
vnc-security.rst Prefer 'on' | 'off' over 'yes' | 'no' for bool options 2021-01-29 17:07:53 +00:00