.. SPDX-License-Identifier: GPL-2.0

======================================
s390 (IBM Z) Boot/IPL of Protected VMs
======================================

Summary
-------
The memory of Protected Virtual Machines (PVMs) is not accessible to
I/O or the hypervisor. In those cases where the hypervisor needs to
access the memory of a PVM, that memory must be made accessible.
Memory made accessible to the hypervisor will be encrypted. See
Documentation/virt/kvm/s390/s390-pv.rst for details.

On IPL (boot) a small plaintext bootloader is started, which provides
information about the encrypted components and necessary metadata to
KVM to decrypt the protected virtual machine.

Based on this data, KVM will make the protected virtual machine known
to the Ultravisor (UV) and instruct it to secure the memory of the
PVM, decrypt the components and verify the data and address list
hashes, to ensure integrity. Afterwards KVM can run the PVM via the
SIE instruction which the UV will intercept and execute on KVM's
behalf.

As the guest image is just like an opaque kernel image that does the
switch into PV mode itself, the user can load encrypted guest
executables and data via every available method (network, dasd, scsi,
direct kernel, ...) without the need to change the boot process.


Diag308
-------
This diagnose instruction is the basic mechanism to handle IPL and
related operations for virtual machines. The VM can set and retrieve
IPL information blocks that specify the IPL method/devices, and it can
request VM memory and subsystem resets, as well as IPLs.

For PVMs this concept has been extended with new subcodes:

* Subcode 8: Set an IPL Information Block of type 5 (information block
  for PVMs)
* Subcode 9: Store the saved block in guest memory
* Subcode 10: Move into Protected Virtualization mode

The new PV load-device-specific-parameters field specifies all data
that is necessary to move into PV mode.

* PV Header origin
* PV Header length
* List of Components composed of

  * AES-XTS Tweak prefix
  * Origin
  * Size

The PV header contains the keys and hashes, which the UV will use to
decrypt and verify the PV, as well as control flags and a start PSW.

The components are for instance an encrypted kernel, kernel parameters
and initrd. The components are decrypted by the UV.

After the initial import of the encrypted data, all defined pages will
contain the guest content. All non-specified pages will start out as
zero pages on first access.


When running in protected virtualization mode, some subcodes will
result in exceptions or return error codes.

Subcodes 4 and 7, which specify operations that do not clear the guest
memory, will result in specification exceptions. This is because the
UV will clear all memory when a secure VM is removed, and therefore
non-clearing IPL subcodes are not allowed.

Subcodes 8, 9 and 10 will result in specification exceptions.
Re-IPL into a protected mode is only possible via a detour into
non-protected mode.

Keys
----
Every CEC will have a unique public key to enable tooling to build
encrypted images.
See `s390-tools <https://github.com/ibm-s390-linux/s390-tools/>`_
for the tooling.
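The subcode rules from the Diag308 section, modelled as a small state machine in C. This is an added illustration, not kernel or QEMU code: the type and function names, the error outcome for a missing type 5 block, and the behaviour of ``clearing_reipl()`` are assumptions of the model.

```c
#include <stdbool.h>
/* Outcomes of this model; names are illustrative, not kernel identifiers. */
enum res { RES_OK, RES_SPEC_EXCEPTION, RES_NO_PV_BLOCK, RES_NOT_MODELLED };

struct guest {
    bool pv_mode;      /* guest runs in Protected Virtualization mode */
    bool pv_block_set; /* a type 5 IPL information block was saved (subcode 8) */
};

/* Behaviour of the diag308 subcodes named in the text, per guest mode. */
enum res diag308_model(struct guest *g, unsigned int subcode)
{
    switch (subcode) {
    case 4: case 7:   /* operations that do not clear guest memory */
        return g->pv_mode ? RES_SPEC_EXCEPTION : RES_OK;
    case 8:           /* set IPL information block of type 5 */
        if (g->pv_mode) return RES_SPEC_EXCEPTION;
        g->pv_block_set = true;
        return RES_OK;
    case 9:           /* store the saved block in guest memory */
        if (g->pv_mode) return RES_SPEC_EXCEPTION;
        return g->pv_block_set ? RES_OK : RES_NO_PV_BLOCK; /* assumed error */
    case 10:          /* move into PV mode */
        if (g->pv_mode) return RES_SPEC_EXCEPTION;
        if (!g->pv_block_set) return RES_NO_PV_BLOCK;      /* assumed error */
        g->pv_mode = true;
        return RES_OK;
    default: return RES_NOT_MODELLED;
    }
}

/* Assumption: a clearing re-IPL removes the secure VM; guest is non-protected. */
void clearing_reipl(struct guest *g) { g->pv_mode = false; }

/* Re-IPL into PV mode: the direct attempt is refused, the detour works. */
enum res reipl_into_pv(struct guest *g)
{
    if (g->pv_mode && diag308_model(g, 10) == RES_SPEC_EXCEPTION)
        clearing_reipl(g);
    if (diag308_model(g, 8) != RES_OK)
        return RES_SPEC_EXCEPTION;
    return diag308_model(g, 10);
}

int main(void)
{
    struct guest g = { false, false };
    return reipl_into_pv(&g) == RES_OK ? 0 : 1;
}
```
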