Introduction to Secure Execution for s390x

CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/61696 (DOI)

Publisher

FOSDEM VZW

Release Date

2023

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

IBM Z (s390x) has been supporting confidential virtual machines for a few years now. It is a Linux-first feature, fully supported by KVM and Qemu. This presentation will introduce the technology, the architectural extensions, the typical lifecycle of host and guest, the unique features, and how KVM and Qemu have been adapted to support it. Some of the interesting and unique features covered in the presentation are: * allowing for swapping guest memory in the host * not requiring encryption of guest memory when running * implicit attestation * explicit attestation * secure dumps The lifecycle of a secure guest will be presented including all interactions among the guest, the host, the trusted hardware/firmware (Ultravisor), and the attestation agent.