.. SPDX-License-Identifier: GPL-2.0

======================================
s390 (IBM Z) Boot/IPL of Protected VMs
======================================

Summary
-------
The memory of Protected Virtual Machines (PVMs) is not accessible to
I/O or the hypervisor. In those cases where the hypervisor needs to
access the memory of a PVM, that memory must be made accessible.
Memory made accessible to the hypervisor will be encrypted. See
:doc:`s390-pv` for details.

On IPL (boot) a small plaintext bootloader is started, which provides
information about the encrypted components and the metadata that KVM
needs to decrypt the protected virtual machine.

Based on this data, KVM will make the protected virtual machine known
to the Ultravisor (UV) and instruct it to secure the memory of the
PVM, decrypt the components and verify the data and address list
hashes, to ensure integrity. Afterwards KVM can run the PVM via the
SIE instruction, which the UV will intercept and execute on KVM's
behalf.

As the guest image is just like an opaque kernel image that does the
switch into PV mode itself, the user can load encrypted guest
executables and data via every available method (network, dasd, scsi,
direct kernel, ...) without the need to change the boot process.


Diag308
-------
This diagnose instruction is the basic mechanism to handle IPL and
related operations for virtual machines. The VM can set and retrieve
IPL information blocks that specify the IPL method/devices, and can
request VM memory and subsystem resets, as well as IPLs.

For PVMs this concept has been extended with new subcodes:

* Subcode 8: Set an IPL Information Block of type 5 (information block
  for PVMs)
* Subcode 9: Store the saved block in guest memory
* Subcode 10: Move into Protected Virtualization mode

The new PV load-device-specific-parameters field specifies all data
that is necessary to move into PV mode:

* PV Header origin
* PV Header length
* List of Components, each composed of

  * AES-XTS Tweak prefix
  * Origin
  * Size

The PV header contains the keys and hashes, which the UV will use to
decrypt and verify the PV, as well as control flags and a start PSW.

The components are for instance an encrypted kernel, kernel parameters
and initrd. The components are decrypted by the UV.

After the initial import of the encrypted data, all defined pages will
contain the guest content. All non-specified pages will start out as
zero pages on first access.


When running in protected virtualization mode, some subcodes will result in
exceptions or return error codes.

Subcodes 4 and 7, which specify operations that do not clear the guest
memory, will result in specification exceptions. This is because the
UV will clear all memory when a secure VM is removed, and therefore
non-clearing IPL subcodes are not allowed.

Subcodes 8, 9 and 10 will result in specification exceptions.
Re-IPL into protected mode is only possible via a detour into
non-protected mode.

Keys
----
Every CEC will have a unique public key to enable tooling to build
encrypted images.
See `s390-tools <https://github.com/ibm-s390-tools/s390-tools/>`_
for the tooling.
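The following is an added example, not part of this documentation or of the kernel or s390-tools code: it models the subcode 8 parameters described in the Diag308 section (PV header origin and length, component list with tweak prefix, origin and size) and shows the bounds and overlap checks a hypervisor-side consumer would apply to these bootloader-supplied values before handing them to the UV. The struct layouts, the ``PV_PAGE`` constant and the ``demo_params_valid`` sample data are hypothetical and constructed for this example; the architected field format is not reproduced.

```c
/* Simplified model of the type-5 IPL parameters above; layout is illustrative, not architected. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PV_PAGE 4096ULL

struct pv_component {
    uint64_t tweak_prefix; /* AES-XTS tweak prefix the UV uses to decrypt */
    uint64_t origin, size; /* guest-absolute address and length in bytes */
};

struct pv_load_params {
    uint64_t header_origin, header_len; /* PV header: keys, hashes, flags, PSW */
    size_t ncomp;
    const struct pv_component *comp;
};

/* Non-empty, inside guest memory of `mem` bytes, no unsigned wrap-around. */
static bool region_ok(uint64_t origin, uint64_t len, uint64_t mem)
{ return len != 0 && len <= mem && origin <= mem - len; }

static bool overlap(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen)
{ return a < b + blen && b < a + alen; }

/* Reject sets the UV would import as out-of-range or overlapping regions: all
 * inside guest memory, components page aligned, no two regions overlapping. */
bool pv_params_valid(const struct pv_load_params *p, uint64_t mem)
{
    if (p->ncomp == 0 || !region_ok(p->header_origin, p->header_len, mem))
        return false;
    for (size_t i = 0; i < p->ncomp; i++) {
        const struct pv_component *c = &p->comp[i];
        if (c->origin % PV_PAGE || !region_ok(c->origin, c->size, mem) ||
            overlap(c->origin, c->size, p->header_origin, p->header_len))
            return false;
        for (size_t j = 0; j < i; j++)
            if (overlap(c->origin, c->size, p->comp[j].origin, p->comp[j].size))
                return false;
    }
    return true;
}

/* Constructed sample: 2 MiB kernel at 0x10000, initrd at a caller-chosen origin. */
bool demo_params_valid(uint64_t initrd_origin)
{
    const struct pv_component c[] = { { 1, 0x10000, 0x200000 }, { 2, initrd_origin, 0x80000 } };
    const struct pv_load_params p = { 0x8000, 0x1000, 2, c };
    return pv_params_valid(&p, 1ULL << 30);
}
```

With the initrd at 0x300000 the set is accepted; placing it at 0x200000 (inside the kernel's range), at an unaligned address, or at the end of the 1 GiB guest memory is rejected.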