Re: [PATCH v7 13/13] s390: Recognize confidential-guest-support option

2021-01-18 Thread Christian Borntraeger
On 15.01.21 17:36, Cornelia Huck wrote: > On Thu, 14 Jan 2021 10:58:11 +1100 > David Gibson wrote: > >> At least some s390 cpu models support "Protected Virtualization" (PV), >> a mechanism to protect guests from eavesdropping by a compromised >> hypervisor. >> >> This is similar in function t

Re: [PATCH v7 13/13] s390: Recognize confidential-guest-support option

2021-01-15 Thread Cornelia Huck
On Thu, 14 Jan 2021 10:58:11 +1100 David Gibson wrote: > At least some s390 cpu models support "Protected Virtualization" (PV), > a mechanism to protect guests from eavesdropping by a compromised > hypervisor. > > This is similar in function to other mechanisms like AMD's SEV and > POWER's PEF,

Re: [PATCH v7 13/13] s390: Recognize confidential-guest-support option

2021-01-14 Thread David Gibson
On Thu, Jan 14, 2021 at 10:24:57AM +0100, Christian Borntraeger wrote: > > > On 14.01.21 10:19, Christian Borntraeger wrote: > > > > > > On 14.01.21 10:10, Christian Borntraeger wrote: > >> > >> > >> On 14.01.21 00:58, David Gibson wrote: > >> [...] > >>> +int s390_pv_init(ConfidentialGuestSupp

Re: [PATCH v7 13/13] s390: Recognize confidential-guest-support option

2021-01-14 Thread David Gibson
On Thu, Jan 14, 2021 at 10:10:02AM +0100, Christian Borntraeger wrote: > > > On 14.01.21 00:58, David Gibson wrote: > [...] > > +int s390_pv_init(ConfidentialGuestSupport *cgs, Error **errp) > > +{ > > +if (!object_dynamic_cast(OBJECT(cgs), TYPE_S390_PV_GUEST)) { > > +return 0; > > +

Re: [PATCH v7 13/13] s390: Recognize confidential-guest-support option

2021-01-14 Thread Christian Borntraeger
On 14.01.21 10:19, Christian Borntraeger wrote: > > > On 14.01.21 10:10, Christian Borntraeger wrote: >> >> >> On 14.01.21 00:58, David Gibson wrote: >> [...] >>> +int s390_pv_init(ConfidentialGuestSupport *cgs, Error **errp) >>> +{ >>> +if (!object_dynamic_cast(OBJECT(cgs), TYPE_S390_PV_G

Re: [PATCH v7 13/13] s390: Recognize confidential-guest-support option

2021-01-14 Thread Christian Borntraeger
On 14.01.21 10:10, Christian Borntraeger wrote: > > > On 14.01.21 00:58, David Gibson wrote: > [...] >> +int s390_pv_init(ConfidentialGuestSupport *cgs, Error **errp) >> +{ >> +if (!object_dynamic_cast(OBJECT(cgs), TYPE_S390_PV_GUEST)) { >> +return 0; >> +} >> + >> +if (!s3

Re: [PATCH v7 13/13] s390: Recognize confidential-guest-support option

2021-01-14 Thread Christian Borntraeger
On 14.01.21 00:58, David Gibson wrote: [...] > +int s390_pv_init(ConfidentialGuestSupport *cgs, Error **errp) > +{ > +if (!object_dynamic_cast(OBJECT(cgs), TYPE_S390_PV_GUEST)) { > +return 0; > +} > + > +if (!s390_has_feat(S390_FEAT_UNPACK)) { > +error_setg(errp, > +

[PATCH v7 13/13] s390: Recognize confidential-guest-support option

2021-01-13 Thread David Gibson
At least some s390 cpu models support "Protected Virtualization" (PV), a mechanism to protect guests from eavesdropping by a compromised hypervisor. This is similar in function to other mechanisms like AMD's SEV and POWER's PEF, which are controlled by the "confidential-guest-support" machine opti