On Tue, 21 Jul 2020 14:29:29 +0200 Christian Borntraeger <[email protected]> wrote:
> On 21.07.20 14:25, Janosch Frank wrote: > > On 7/21/20 12:32 PM, Christian Borntraeger wrote: > >> Right now -no-reboot does prevent secure execution guests from running. > > > > s/-no-reboot/--no-reboot/ > > Actually qemu --help gives the parameters with just one "-" > > > Not sure about secure vs protected. Whatever Conny prefers. The doc seems to talk about "protected virtualization", "protected mode", and "secure guests". What about (slight rewording): "s390x/protvirt: allow to IPL secure guests with -no-reboot Right now, -no-reboot prevents secure guests from running. This is correct from an implementation point of view, as we have modeled the transition from non-secure to secure as a program directed IPL. From a user perspective, this is not the behavior of least surprise. We should implement the IPL into protected mode similar to the functions that we use for kdump/kexec. In other words, we do not stop here when -no-reboot is specified on the command line. Like function 0 or function 1, function 10 is not a classic reboot. For example, it can only be called once. Before calling it a second time, a real reboot/reset must happen in-between. So function code 10 is more or less a state transition reset, but not a "standard" reset or reboot." I think this is still appropriate for hard freeze.
