.. SPDX-License-Identifier: GPL-2.0

======================================
s390 (IBM Z) Boot/IPL of Protected VMs
======================================

Summary
-------

The memory of Protected Virtual Machines (PVMs) is not accessible to I/O or
the hypervisor. In those cases where the hypervisor needs to access the memory
of a PVM, that memory must first be made accessible, and memory made
accessible to the hypervisor is encrypted. See
Documentation/virt/kvm/s390/s390-pv.rst for details.

On IPL (boot) a small plaintext bootloader is started. It hands KVM the
information about the encrypted components and the metadata needed to unpack
the protected virtual machine; the decryption itself is not done by KVM but
by the Ultravisor, as described below.

Based on this data, KVM makes the protected virtual machine known to the
Ultravisor (UV) and instructs it to secure the memory of the PVM, decrypt the
components and verify the data and address list hashes, to ensure integrity.
Afterwards KVM can run the PVM via the SIE instruction, which the UV
intercepts and executes on KVM's behalf.

As the guest image is just like an opaque kernel image that does the switch
into PV mode itself, the user can load encrypted guest executables and data
via every available method (network, dasd, scsi, direct kernel, ...) without
the need to change the boot process.

Diag308
-------

This diagnose instruction is the basic mechanism to handle IPL and related
operations for virtual machines. The VM can set and retrieve IPL information
blocks that specify the IPL method/devices, and it can request VM memory and
subsystem resets as well as IPLs.

For PVMs this concept has been extended with new subcodes:

Subcode 8
    Set an IPL Information Block of type 5 (information block for PVMs)
Subcode 9
    Store the saved block in guest memory
Subcode 10
    Move into Protected Virtualization mode

The new PV load-device-specific-parameters field specifies all data that is
necessary to move into PV mode:

* PV Header origin
* PV Header length
* List of Components, each composed of

  * AES-XTS Tweak prefix
  * Origin
  * Size

The PV header contains the keys and hashes which the UV uses to decrypt and
verify the PV, as well as control flags and a start PSW.

The components are, for instance, an encrypted kernel, kernel parameters and
an initrd. The components are decrypted by the UV.

After the initial import of the encrypted data, all defined pages contain the
guest content. All non-specified pages start out as zero pages on first
access.

When running in protected virtualization mode, some subcodes result in
exceptions or return error codes.

Subcodes 4 and 7 specify IPL operations that do not clear the guest memory
and result in a specification exception in PV mode. The UV clears all memory
when a secure VM is removed, so a non-clearing IPL cannot be honoured and
these subcodes are not allowed.

Subcodes 8, 9 and 10 also result in a specification exception once the guest
is already in PV mode. A re-IPL into protected mode is therefore only possible
via a detour through non-protected mode.

Keys
----

Every CEC (Central Electronics Complex, i.e. the physical machine) has a
unique public key to enable tooling to build encrypted images; an image is
encrypted for the machines whose public keys were used when it was built.
See `s390-tools <https://github.com/ibm-s390-linux/s390-tools/>`_ for the
tooling.
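The following C program is an added example and is not part of this document,
the kernel, or s390-tools. It models the type-5 IPL information block from the
Diag308 section (PV header origin and length plus the component list of tweak
prefix, origin and size), the sanity checks a hypervisor-side consumer would
want before passing such a block on (zero-length entries, origin+size wrapping
the 64-bit address space, components overlapping the header or each other),
the rule that only pages covered by a component carry imported content while
everything else starts as zero pages, and the subcodes that raise a
specification exception in PV mode. The struct layout, field and function
names, error codes and sample addresses are assumptions of this example; the
real uapi layout is in the kernel's s390 headers, and the authoritative hash
verification is done by the UV, not by these checks.

```c
/*
 * Added example, not kernel or s390-tools code: a simplified model of the
 * type-5 (PV) IPL information block and of the Diag308 subcode rules in
 * PV mode. Struct layouts, names and error codes are assumptions of this
 * example; the real layout is in the kernel's s390 uapi headers and the
 * authoritative verification is done by the Ultravisor.
 */
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096ULL

/* One entry of the component list: AES-XTS tweak prefix, origin, size. */
struct pv_comp {
	uint64_t tweak_pref;
	uint64_t addr;
	uint64_t len;
};

/* PV load-device-specific parameters of a type-5 block (simplified). */
struct pv_ipl_block {
	uint64_t pv_hdr_addr;		/* PV header origin */
	uint64_t pv_hdr_len;		/* PV header length */
	uint32_t num_comp;
	const struct pv_comp *comp;
};

enum pv_check {
	PV_OK = 0,
	PV_ERR_HDR_LEN,		/* PV header length is zero */
	PV_ERR_NO_COMP,		/* empty component list */
	PV_ERR_COMP_LEN,	/* a component has size zero */
	PV_ERR_WRAP,		/* origin + size wraps the 64-bit address space */
	PV_ERR_OVERLAP,		/* component overlaps header or another component */
};

/* 1 if addr + len does not fit in 64 bits. */
static int range_wraps(uint64_t addr, uint64_t len)
{
	return len > UINT64_MAX - addr;
}

/* 1 if [a, a+alen) and [b, b+blen) intersect; neither range may wrap. */
static int ranges_overlap(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen)
{
	return a < b + blen && b < a + alen;
}

/* Face-value checks before handing the block on; not a substitute for the UV's hashes. */
enum pv_check pv_ipl_block_check(const struct pv_ipl_block *b)
{
	uint32_t i, j;

	if (b->pv_hdr_len == 0) return PV_ERR_HDR_LEN;
	if (range_wraps(b->pv_hdr_addr, b->pv_hdr_len)) return PV_ERR_WRAP;
	if (b->num_comp == 0) return PV_ERR_NO_COMP;
	for (i = 0; i < b->num_comp; i++) {
		const struct pv_comp *c = &b->comp[i];

		if (c->len == 0) return PV_ERR_COMP_LEN;
		if (range_wraps(c->addr, c->len)) return PV_ERR_WRAP;
		if (ranges_overlap(c->addr, c->len, b->pv_hdr_addr, b->pv_hdr_len))
			return PV_ERR_OVERLAP;
		for (j = 0; j < i; j++)
			if (ranges_overlap(c->addr, c->len, b->comp[j].addr, b->comp[j].len))
				return PV_ERR_OVERLAP;
	}
	return PV_OK;
}

/* A page carries imported guest content only if some component covers it;
 * every other page starts out as a zero page on first access. */
int pv_page_is_defined(const struct pv_ipl_block *b, uint64_t gpa)
{
	uint64_t page = gpa & ~(PAGE_SIZE - 1);
	uint32_t i;

	for (i = 0; i < b->num_comp; i++)
		if (ranges_overlap(page, PAGE_SIZE, b->comp[i].addr, b->comp[i].len))
			return 1;
	return 0;
}

/* Subcodes that raise a specification exception once the guest is in PV mode:
 * 4 and 7 (non-clearing IPL operations) and the PV subcodes 8, 9, 10.
 * Assumption of this model: all other subcodes are left untouched here. */
int diag308_pv_mode_raises_spec_exc(unsigned int subcode)
{
	switch (subcode) {
	case 4: case 7: case 8: case 9: case 10: return 1;
	default: return 0;
	}
}

/* Constructed sample layouts, not taken from any real image. */
static const struct pv_comp good_comps[] = {
	{ .tweak_pref = 0, .addr = 0x00100000, .len = 0x00800000 },	/* kernel */
	{ .tweak_pref = 1, .addr = 0x01000000, .len = 0x00001000 },	/* kernel parameters */
	{ .tweak_pref = 2, .addr = 0x02000000, .len = 0x00400000 },	/* initrd */
};
const struct pv_ipl_block good_block = {
	.pv_hdr_addr = 0x10000, .pv_hdr_len = 0x1000, .num_comp = 3, .comp = good_comps };
/* initrd placed on top of the tail of the kernel component */
static const struct pv_comp overlap_comps[] = {
	{ 0, 0x00100000, 0x00800000 }, { 1, 0x01000000, 0x1000 }, { 2, 0x00800000, 0x00400000 } };
const struct pv_ipl_block overlap_block = {
	.pv_hdr_addr = 0x10000, .pv_hdr_len = 0x1000, .num_comp = 3, .comp = overlap_comps };
/* origin + size wraps past the end of the address space */
static const struct pv_comp wrap_comps[] = { { 0, UINT64_MAX - 0xfff, 0x2000 } };
const struct pv_ipl_block wrap_block = {
	.pv_hdr_addr = 0x10000, .pv_hdr_len = 0x1000, .num_comp = 1, .comp = wrap_comps };

int main(void)
{
	printf("good block:    %d\n", pv_ipl_block_check(&good_block));
	printf("overlap block: %d\n", pv_ipl_block_check(&overlap_block));
	printf("wrap block:    %d\n", pv_ipl_block_check(&wrap_block));
	printf("gpa 0x3000000 defined: %d\n", pv_page_is_defined(&good_block, 0x3000000));
	printf("subcode 10 in PV mode raises spec exc: %d\n", diag308_pv_mode_raises_spec_exc(10));
	return 0;
}
```

The overlap and wrap checks are the ones worth copying: a component list is
guest-supplied data, so an entry whose origin plus size wraps, or that lands on
the PV header or another component, must be rejected before any address from
it is used, regardless of the UV's later hash verification.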