diff options
| author | Tony Krowiak <akrowiak@linux.vnet.ibm.com> | 2015-03-12 13:53:51 +0100 |
|---|---|---|
| committer | Cornelia Huck <cornelia.huck@de.ibm.com> | 2015-03-16 10:20:11 +0100 |
| commit | 2eb1cd0768af18fb2398ee7b590e4b81e0e504f9 (patch) | |
| tree | e5df5f14385f9ed8a269f455d4e7550bb1ab4ce3 /qemu-options.hx | |
| parent | 2b147555f78c3c20080b201fd1506467fa0ddf43 (diff) | |
s390x: CPACF: Handle key wrap machine options
Check for the aes_key_wrap and dea_key_wrap machine options and set the
appropriate KVM device attribute(s) to tell the kernel to enable or disable
the AES/DEA protected key functions for the guest domain.
This patch introduces two new machine options for indicating the state of
AES/DEA key wrapping functions. This controls whether the guest will
have access to the AES/DEA crypto functions.
aes_key_wrap="on | off" is changed to aes-key-wrap="on | off"
dea_key_wrap="on | off" is changed to dea-key-wrap="on | off"
Check for the aes-key-wrap and dea-key-wrap machine options and set the
appropriate KVM device attribute(s) to tell the kernel to enable or disable
the AES/DEA protected key functions for the guest domain.
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Message-Id: <1426164834-38648-4-git-send-email-jfrei@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Diffstat (limited to 'qemu-options.hx')
| -rw-r--r-- | qemu-options.hx | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/qemu-options.hx b/qemu-options.hx index 837624db46..ad07ddecd0 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -37,7 +37,9 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \ " kvm_shadow_mem=size of KVM shadow MMU\n" " dump-guest-core=on|off include guest memory in a core dump (default=on)\n" " mem-merge=on|off controls memory merge support (default: on)\n" - " iommu=on|off controls emulated Intel IOMMU (VT-d) support (default=off)\n", + " iommu=on|off controls emulated Intel IOMMU (VT-d) support (default=off)\n" + " aes-key-wrap=on|off controls support for AES key wrapping (default=on)\n" + " dea-key-wrap=on|off controls support for DEA key wrapping (default=on)\n", QEMU_ARCH_ALL) STEXI @item -machine [type=]@var{name}[,prop=@var{value}[,...]] @@ -66,6 +68,14 @@ the host, de-duplicates identical memory pages among VMs instances (enabled by default). @item iommu=on|off Enables or disables emulated Intel IOMMU (VT-d) support. The default is off. +@item aes-key-wrap=on|off +Enables or disables AES key wrapping support on s390-ccw hosts. This feature +controls whether AES wrapping keys will be created to allow +execution of AES cryptographic functions. The default is on. +@item dea-key-wrap=on|off +Enables or disables DEA key wrapping support on s390-ccw hosts. This feature +controls whether DEA wrapping keys will be created to allow +execution of DEA cryptographic functions. The default is on. @end table ETEXI |