qemu-e2k/hw
David Gibson 651615d92d s390: Recognize confidential-guest-support option
At least some s390 cpu models support "Protected Virtualization" (PV),
a mechanism to protect guests from eavesdropping by a compromised
hypervisor.

This is similar in function to other mechanisms like AMD's SEV and
POWER's PEF, which are controlled by the "confidential-guest-support"
machine option.  s390 is a slightly special case, because we already
supported PV, simply by using a CPU model with the required feature
(S390_FEAT_UNPACK).

To integrate this with the option used by other platforms, we
implement the following compromise:

 - When the confidential-guest-support option is set, s390 will
   recognize it, verify that the CPU can support PV (failing if not)
   and set virtio default options necessary for encrypted or protected
   guests, as on other platforms.  i.e. if confidential-guest-support
   is set, we will either create a guest capable of entering PV mode,
   or fail outright.

 - If confidential-guest-support is not set, guests might still be
   able to enter PV mode, if the CPU has the right model.  This may be
   a little surprising, but shouldn't actually be harmful.

To start a guest supporting Protected Virtualization using the new
option use the command line arguments:
    -object s390-pv-guest,id=pv0 -machine confidential-guest-support=pv0

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
2021-02-08 16:57:38 +11:00
..
9pfs 9pfs: Convert reclaim list to QSLIST 2021-01-22 18:26:40 +01:00
acpi acpi: Permit OEM ID and OEM table ID fields to be changed 2021-02-05 08:52:59 -05:00
adc hw/adc: Add an ADC module for NPCM7XX 2021-01-12 21:19:02 +00:00
alpha
arm acpi: use constants as strncpy limit 2021-02-05 08:52:59 -05:00
audio audio/via-ac97: Simplify code and set user_creatable to false 2021-01-04 23:24:44 +01:00
avr
block block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
char hw/char/exynos4210_uart: Fix missing call to report ready for input 2021-02-02 17:00:54 +00:00
core confidential guest support: Alter virtio default properties for protected guests 2021-02-08 16:57:38 +11:00
cpu
cris
display display/ui: add a callback to indicate GL state is flushed 2021-02-04 15:58:54 +01:00
dma hw/arm/xlnx-versal: Versal SoC requires ZDMA 2021-02-03 10:15:50 +00:00
gpio hw: gpio: implement gpio-pwr driver for qemu reset/poweroff 2021-01-29 10:47:28 +00:00
hppa hw: Use the PCI_SLOT() macro from 'hw/pci/pci.h' 2021-01-04 23:24:44 +01:00
hyperv qdev: Move softmmu properties to qdev-properties-system.h 2020-12-18 15:20:17 -05:00
i2c
i386 sev: Remove false abstraction of flash encryption 2021-02-08 16:57:38 +11:00
ide block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
input Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
intc hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register 2021-02-02 17:00:55 +00:00
ipack
ipmi Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
isa vt82c686: Rename superio config related parts 2021-01-04 23:24:44 +01:00
lm32
m68k hw/m68k/next-cube: Add vmstate for NeXTPC device 2021-01-19 09:11:52 +01:00
mem nvdimm: check -object memory-backend-file, readonly=on option 2021-02-01 17:07:34 -05:00
microblaze vl: make qemu_get_machine_opts static 2020-12-15 12:51:55 -05:00
mips cpu: tcg_ops: move to tcg-cpu-ops.h, keep a pointer in CPUClass 2021-02-05 10:24:15 -10:00
misc hw/misc/pvpanic: add PCI interface support 2021-01-29 10:47:28 +00:00
moxie
net net: checksum: Introduce fine control over checksum type 2021-01-25 17:04:56 +08:00
nios2 * New -action option and set-action QMP command (Alejandro) 2020-12-15 21:24:31 +00:00
nubus
nvram hw/*: Use type casting for SysBusDevice in NPCM7XX 2021-01-12 21:19:02 +00:00
openrisc target/openrisc: Move pic_cpu code into CPU object proper 2020-12-15 12:04:30 +00:00
pci pci: add romsize property 2021-02-05 08:52:58 -05:00
pci-bridge Kconfig: Compile PXB for ARM_VIRT 2021-01-17 06:42:54 -05:00
pci-host acpi/gpex: Exclude pxb's resources from PCI0 2021-01-17 06:42:54 -05:00
pcmcia
ppc spapr: PEF: prevent migration 2021-02-08 16:57:38 +11:00
rdma Machine queue, 2020-12-23 2021-01-01 22:57:15 +00:00
riscv riscv: Pass RISCVHartArrayState by pointer 2021-01-16 14:34:46 -08:00
rtc pl031: Use timer_free() in the finalize function to avoid memleaks 2021-01-18 11:51:26 +01:00
rx
s390x s390: Recognize confidential-guest-support option 2021-02-08 16:57:38 +11:00
scsi block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
sd block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
semihosting semihosting: Implement SYS_ISERROR 2021-01-18 10:05:06 +00:00
sh4 hw: Use the PCI_SLOT() macro from 'hw/pci/pci.h' 2021-01-04 23:24:44 +01:00
smbios
sparc sun4m: don't connect two qemu_irqs directly to the same input 2021-01-06 11:41:37 +00:00
sparc64
ssi hw/ssi: imx_spi: Correct tx and rx fifo endianness 2021-02-02 17:00:55 +00:00
timer arm: Remove frq properties on CMSDK timer, dualtimer, watchdog, ARMSSE 2021-01-29 15:54:44 +00:00
tpm tpm: tpm_spapr: Remove unused tracepoint 2021-01-25 20:56:38 -05:00
tricore
unicore32
usb block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
vfio ui: add an optional get_flags callback to GraphicHwOps 2021-02-04 15:58:54 +01:00
virtio vhost: Check for valid vdev in vhost_backend_handle_iotlb_msg 2021-02-05 08:52:59 -05:00
watchdog arm: Remove frq properties on CMSDK timer, dualtimer, watchdog, ARMSSE 2021-01-29 15:54:44 +00:00
xen pci: add romsize property 2021-02-05 08:52:58 -05:00
xenpv
xtensa vl: make qemu_get_machine_opts static 2020-12-15 12:51:55 -05:00
Kconfig hw/net/can: ZynqMP CAN device requires PTIMER 2021-02-03 10:15:50 +00:00
meson.build