On 12/02/2026 21.43, Zhuoying Cai wrote:
Add documentation for secure IPL
Signed-off-by: Collin Walling <[email protected]>
---
docs/specs/s390x-secure-ipl.rst | 55 +++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
index e7a93806f6..b20500529a 100644
--- a/docs/specs/s390x-secure-ipl.rst
+++ b/docs/specs/s390x-secure-ipl.rst
@@ -1,5 +1,60 @@
.. SPDX-License-Identifier: GPL-2.0-or-later
+s390 Secure IPL
+===============
+
+Secure IPL (a.k.a. secure boot) enables s390-ccw virtual machines to
+leverage qcrypto libraries and z/Architecture emulations to verify the
+integrity of signed kernels. The qcrypto libraries are used to perform
+certificate validation and signature-verification, whereas the
+z/Architecture emulations are used to ensure secure IPL data has not
+been tampered with, convey data between QEMU and userspace, and set up
+the relevant secure IPL data structures with verification results.
+
+To find out more about using this feature, see
+``docs/system/s390x/secure-ipl.rst``.
+
+Note that "userspace" will refer to the s390-ccw BIOS unless stated
As mentioned in an earlier patch already, I'd maybe rather replace the term
"userspace" here (and in the text below) by "guest code", that's less confusing.
Thomas
