We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Introduction to Secure Execution for s390x

Formal Metadata

Title
Introduction to Secure Execution for s390x
Subtitle
KVM confidential VMs on IBM Z
Title of Series
Number of Parts
542
Author
Contributors
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
IBM Z (s390x) has been supporting confidential virtual machines for a few years now. It is a Linux-first feature, fully supported by KVM and Qemu. This presentation will introduce the technology, the architectural extensions, the typical lifecycle of host and guest, the unique features, and how KVM and Qemu have been adapted to support it. Some of the interesting and unique features covered in the presentation are: * allowing for swapping guest memory in the host * not requiring encryption of guest memory when running * implicit attestation * explicit attestation * secure dumps The lifecycle of a secure guest will be presented including all interactions among the guest, the host, the trusted hardware/firmware (Ultravisor), and the attestation agent.