IBM Z (s390x) has supported confidential virtual machines for a few years now. It is a Linux-first feature, fully supported by KVM and QEMU.
This presentation will introduce the technology, the architectural extensions, the typical lifecycle of host and guest, the unique features, and how KVM and Qemu have been adapted to support it.
Some of the interesting and unique features covered in the presentation are:

* allowing guest memory to be swapped out by the host
* not requiring encryption of guest memory while the guest is running
* implicit attestation
* explicit attestation
* secure dumps
The lifecycle of a secure guest will be presented including all interactions among the guest, the host, the trusted hardware/firmware (Ultravisor), and the attestation agent.
Speakers: Claudio Imbrenda, Steffen Eiden