Firmware protection for Virtual Machines against buggy or malicious hypervisors is a rather new concept that is quickly gaining traction among the major CPU architectures; two years ago AMD introduced Secure Encrypted Virtualization (AMD SEV), and now IBM is introducing Protected Virtualization for the s390x architecture. This talk will present the motivations and the overall architecture of Protected Virtualization, the general challenges for Linux both as a guest and as a hypervisor with KVM and Qemu. The main challenges presented will be, among others: * secure VM startup * attestation * I/O * interrupts * Linux guest support * KVM and Qemu changes * swap and migration While the talk will have some technical content, it should be enjoyable for anyone who tinkers with KVM and virtualization. Knowledge of the s390x architecture is not required.