[PATCH] docs: Describe protected virtualization guest setup

Viktor Mihajlovski mihajlov at linux.ibm.com
Wed Apr 29 15:08:31 UTC 2020 


On 4/29/20 3:29 PM, Daniel P. Berrangé wrote:
> On Tue, Apr 28, 2020 at 05:58:02PM +0200, Boris Fiuczynski wrote:
>> From: Viktor Mihajlovski <mihajlov at linux.ibm.com>
>>
>> Protected virtualization/IBM Secure Execution for Linux protects
>> guest memory and state from the host.
>>
>> Add some basic information about technology and a brief guide
>> on setting up secure guests with libvirt.
>>
>> Signed-off-by: Viktor Mihajlovski <mihajlov at linux.ibm.com>
>> Reviewed-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
>> Reviewed-by: Paulo de Rezende Pinatti <ppinatti at linux.ibm.com>
>> ---
>>   docs/kbase.html.in                      |   3 +
>>   docs/kbase/protected_virtualization.rst | 188 ++++++++++++++++++++++++
> 
> I'd suggest calling this  s390_protected_virt.rst
We can do that.
> 
>> diff --git a/docs/kbase.html.in b/docs/kbase.html.in
>> index c586e0f676..05a3239224 100644
>> --- a/docs/kbase.html.in
>> +++ b/docs/kbase.html.in
>> @@ -14,6 +14,9 @@
>>           <dt><a href="kbase/secureusage.html">Secure usage</a></dt>
>>           <dd>Secure usage of the libvirt APIs</dd>
>>   
>> +        <dt><a href="kbase/protected_virtualization.html">Protected virtualization</a></dt>
> 
> "s390 Protected virtualization"  as the title
> 
The terminology that was used in the KVM upstream code is simply 
protected virtualization without a prefix, so I'd avoid creating a new 
denomination in libvirt.
Alternatively we could use the (unmodified) marketing name "IBM Secure 
Execution for Linux" here and below in the RST and reverse the "also 
known as" sentence in the overview.
>> +        <dd>Running secure guests with IBM Secure Execution</dd>
> 
> s/secure guests/secure s390 guests/OK
> 
>> +
>>           <dt><a href="kbase/launch_security_sev.html">Launch security</a></dt>
>>           <dd>Securely launching VMs with AMD SEV</dd>
>>   
>> diff --git a/docs/kbase/protected_virtualization.rst b/docs/kbase/protected_virtualization.rst
>> new file mode 100644
>> index 0000000000..48f2add14e
>> --- /dev/null
>> +++ b/docs/kbase/protected_virtualization.rst
>> @@ -0,0 +1,188 @@
>> +========================
>> +Protected Virtualization
> 
> s/^/s390/
> 
see above

[...]
-- 
Kind Regards,
    Viktor

More information about the libvir-list mailing list