qemu/include/hw/s390x
David Gibson 651615d92d s390: Recognize confidential-guest-support option
At least some s390 cpu models support "Protected Virtualization" (PV),
a mechanism to protect guests from eavesdropping by a compromised
hypervisor.

This is similar in function to other mechanisms like AMD's SEV and
POWER's PEF, which are controlled by the "confidential-guest-support"
machine option.  s390 is a slightly special case, because we already
supported PV, simply by using a CPU model with the required feature
(S390_FEAT_UNPACK).

To integrate this with the option used by other platforms, we
implement the following compromise:

 - When the confidential-guest-support option is set, s390 will
   recognize it, verify that the CPU can support PV (failing if not)
   and set virtio default options necessary for encrypted or protected
   guests, as on other platforms.  i.e. if confidential-guest-support
   is set, we will either create a guest capable of entering PV mode,
   or fail outright.

 - If confidential-guest-support is not set, guests might still be
   able to enter PV mode, if the CPU has the right model.  This may be
   a little surprising, but shouldn't actually be harmful.

To start a guest supporting Protected Virtualization using the new
option, use the command line arguments:
    -object s390-pv-guest,id=pv0 -machine confidential-guest-support=pv0

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
2021-02-08 16:57:38 +11:00
3270-ccw.h Use OBJECT_DECLARE_TYPE when possible 2020-09-18 14:12:32 -04:00
adapter.h
ap-bridge.h s390x/ap: base Adjunct Processor (AP) object model 2018-10-12 11:32:18 +02:00
ap-device.h ap-device: Rename AP_DEVICE_TYPE to TYPE_AP_DEVICE 2020-09-09 13:20:22 -04:00
css-bridge.h Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
css.h s390x/css: Refactor the css_queue_crw() routine 2020-06-18 12:13:54 +02:00
ebcdic.h
event-facility.h qom: Remove module_obj_name parameter from OBJECT_DECLARE* macros 2020-09-18 14:12:32 -04:00
ioinst.h
pv.h s390: Recognize confidential-guest-support option 2021-02-08 16:57:38 +11:00
s390_flic.h Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
s390-ccw.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
s390-pci-bus.h s390x/pci: get zPCI function info from host 2020-11-01 12:30:52 -07:00
s390-pci-clp.h s390x/pci: fix endianness issues 2020-11-18 16:59:29 +01:00
s390-pci-inst.h s390x/pci: create a header dedicated to PCI CLP 2020-11-01 12:30:52 -07:00
s390-pci-vfio.h s390x: fix build for --without-default-devices 2020-11-05 13:04:07 +01:00
s390-virtio-ccw.h Use OBJECT_DECLARE_TYPE when possible 2020-09-18 14:12:32 -04:00
sclp.h s390: guest support for diagnose 0x318 2020-10-02 13:52:49 +02:00
storage-attributes.h Use OBJECT_DECLARE_TYPE when possible 2020-09-18 14:12:32 -04:00
storage-keys.h Use OBJECT_DECLARE_TYPE when possible 2020-09-18 14:12:32 -04:00
tod.h Use OBJECT_DECLARE_TYPE when possible 2020-09-18 14:12:32 -04:00
vfio-ccw.h Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00