qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests wit


From: Christian Borntraeger
Subject: Re: [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot
Date: Thu, 23 Jul 2020 17:52:23 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0


On 23.07.20 17:05, Cornelia Huck wrote:
> On Tue, 21 Jul 2020 14:29:29 +0200
> Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> 
>> On 21.07.20 14:25, Janosch Frank wrote:
>>> On 7/21/20 12:32 PM, Christian Borntraeger wrote:  
>>>> Right now -no-reboot does prevent secure execution guests from running.  
>>>
>>> s/-no-reboot/--no-reboot/  
>>
>> Actually qemu --help gives the parameters with just one "-"
>>
>>
>> Not sure about secure vs protected. Whatever Conny prefers.
> 
> The doc seems to talk about "protected virtualization", "protected
> mode", and "secure guests". What about (slight rewording):
> 
> "s390x/protvirt: allow to IPL secure guests with -no-reboot
> 
> Right now, -no-reboot prevents secure guests from running. This is
> correct from an implementation point of view, as we have modeled the
> transition from non-secure to secure as a program directed IPL. From a
> user perspective, this is not the behavior of least surprise.
> 
> We should implement the IPL into protected mode similar to the functions
> that we use for kdump/kexec. In other words, we do not stop here when
> -no-reboot is specified on the command line. Like function 0 or function
> 1, function 10 is not a classic reboot. For example, it can only be called
> once. Before calling it a second time, a real reboot/reset must happen
> in-between. So function code 10 is more or less a state transition
> reset, but not a "standard" reset or reboot."
> 
> I think this is still appropriate for hard freeze.

i agree. Can you pick this up and fixup the patch description according to
your preference? Your proposal looks fine. 



reply via email to

[Prev in Thread] Current Thread [Next in Thread]