Re: [PATCH v4 19/28] pc-bios/s390-ccw: Refactor zipl_load_segment function

On 7/14/25 6:10 PM, Collin Walling wrote: > On 7/11/25 5:10 PM, Zhuoying Cai wrote: >> Make the address variable a parameter of zipl_load_segment and return >> segment length. > > There's mixed use of the term "comp_len" and "segment length".

[PATCH v4 14/28] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers

Define a memory space for both IPL Parameter Block (IPLB) and IPL Information Report Block (IIRB) since IIRB is stored immediately following IPLB. Convert IPLB to pointer and it points to the start of the defined memory space. IIRB points to the end of IPLB. Signed-off-by: Zhuoying Cai --- pc

[PATCH v4 17/28] s390x: Guest support for Secure-IPL Facility

ility of the extended-length-SCCB, so add it as a check for consistency. When SIPL facility is installed, the IPL Parameter Block length must contains value that is multiple of 8 bytes. Signed-off-by: Zhuoying Cai --- hw/s390x/sclp.c | 2 ++ include/hw/s390x/sclp.h

[PATCH v4 03/28] hw/s390x/ipl: Create certificate store

PEM format only. Additionally, only the SHA-256 hashing algorithm is supported, as it is required for secure boot on s390. Signed-off-by: Zhuoying Cai --- hw/s390x/cert-store.c | 223 hw/s390x/cert-store.h | 39 +++ hw/s390x/ipl.c

[PATCH v4 26/28] pc-bios/s390-ccw: Handle secure boot with multiple boot devices

the SCSI scheme). If multiple boot devices are provided and include an unsupported (e.g., ECKD, VFIO) or a non-eligible (e.g., Net) device, the boot process will terminate with an error logged to the console. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c | 28 +- pc-bios

[PATCH v4 02/28] crypto/x509-utils: Add helper functions for certificate store

signature algorithm of the certificate These functions provide support for certificate format conversion and metadata extraction. Signed-off-by: Zhuoying Cai --- crypto/meson.build | 5 +- crypto/x509-utils.c | 155 include/crypto/x509-utils.h

[PATCH v4 25/28] pc-bios/s390-ccw: Handle true secure IPL mode

-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c| 16 +--- pc-bios/s390-ccw/main.c | 6 +- pc-bios/s390-ccw/s390-ccw.h | 2 ++ pc-bios/s390-ccw/secure-ipl.c | 4 pc-bios/s390-ccw/secure-ipl.h | 3 +++ 5 files changed, 27 insertions(+), 4 deletions(-) diff --git

[PATCH v4 21/28] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF)

The secure-IPL-code-loading-attributes facility (SCLAF) provides additional security during IPL. Availability of SCLAF is determined by byte 136 bit 3 of the SCLP Read Info block. Signed-off-by: Zhuoying Cai --- target/s390x/cpu_features.c | 1 + target/s390x/cpu_features_def.h.inc | 1

[PATCH v4 19/28] pc-bios/s390-ccw: Refactor zipl_load_segment function

variable in zipl_load_segment. comp_len variable is necessary to store the calculated segment length and is used during signature verification. Return the length on success, or a negative return code on failure. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c | 12 +++- 1 file

[PATCH v4 18/28] pc-bios/s390-ccw: Refactor zipl_run()

Refactor to enhance readability before enabling secure IPL in later patches. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c | 58 ++ 1 file changed, 34 insertions(+), 24 deletions(-) diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw

[PATCH v4 12/28] s390x/diag: Implement DIAG 508 subcode 1 for signature verification

invalid 0x0302: signature is not in PKCS#7 format 0x0402: signature-verification failed Signed-off-by: Collin Walling Signed-off-by: Zhuoying Cai --- include/hw/s390x/ipl/diag508.h | 23 +++ target/s390x/diag.c| 112 - 2 files changed

[PATCH v4 11/28] crypto/x509-utils: Add helper functions for DIAG 508 subcode 1

verification support. Signed-off-by: Zhuoying Cai --- crypto/x509-utils.c | 110 include/crypto/x509-utils.h | 39 + 2 files changed, 149 insertions(+) diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c index 135f83f55e..2b1ed5ee26

[PATCH v4 16/28] hw/s390x/ipl: Set iplb->len to maximum length of IPL Parameter Block

to the maximum length of the IPLB, allowing alignment constraints to be determined based on its size. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 6 +++--- hw/s390x/ipl.h | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index 8ac0cee73d..d1a9

[PATCH v4 24/28] hw/s390x/ipl: Set IPIB flags for secure IPL

. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 18 +- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index d1a972ac8d..a196e1d648 100644 --- a/hw/s390x/ipl.c +++ b/hw/s390x/ipl.c @@ -437,6 +437,11 @@ static bool s390_has_certificate

[PATCH v4 08/28] crypto/x509-utils: Add helper functions for DIAG 320 subcode 2

rithm() - returns the public key algorithm used in the certificate qcrypto_x509_get_cert_key_id() - extracts the key ID from the certificate These functions provide support for metadata extraction and validity checking for X.509 certificates. Signed-off-by: Zhuoying Cai --- crypto/x509-ut

[PATCH v4 10/28] s390x/diag: Introduce DIAG 508 for secure IPL operations

From: Collin Walling In order to support secure IPL (aka secure boot) for the s390-ccw BIOS, a new s390 DIAGNOSE instruction is introduced to leverage QEMU for handling operations such as signature verification and certificate retrieval. Currently, only subcode 0 is supported with this patch, wh

[PATCH v4 00/28] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices

e for clarity Collin L. Walling (2): s390x/diag: Introduce DIAG 508 for secure IPL operations s390x/diag: Implement DIAG 508 subcode 1 for signature verification Zhuoying Cai (26): Add boot-certificates to s390-ccw-virtio machine type option crypto/x509-utils: Add helper functions for cert

[PATCH v4 23/28] Add secure-boot to s390-ccw-virtio machine type option

Add secure-boot as a parameter of s390-ccw-virtio machine type option. The `secure-boot=on|off` parameter is implemented to enable secure IPL. By default, secure-boot is set to false if not specified in the command line. Signed-off-by: Zhuoying Cai --- hw/s390x/s390-virtio-ccw.c | 22

[PATCH v4 01/28] Add boot-certificates to s390-ccw-virtio machine type option

Add boot-certificates as a parameter of s390-ccw-virtio machine type option. The `boot-certificates=/path/dir:/path/file` parameter is implemented to provide path to either a directory or a single certificate. Multiple paths can be delineated using a colon. Signed-off-by: Zhuoying Cai --- hw

[PATCH v4 27/28] hw/s390x/ipl: Handle secure boot without specifying a boot device

If secure boot in audit mode or True Secure IPL mode is enabled without specifying a boot device, the boot process will terminate with an error. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index

[PATCH v4 04/28] s390x: Guest support for Certificate Store Facility (CS)

k for consistency. Note: secure IPL is not available for Secure Execution (SE) guests, as their images are already integrity protected, and an additional protection of the kernel by secure IPL is not necessary. Signed-off-by: Zhuoying Cai --- target/s390x/cpu_features.c | 1 + target/

[PATCH v4 13/28] pc-bios/s390-ccw: Introduce IPL Information Report Block (IIRB)

case (failure or success) are stored. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/iplb.h | 62 + 1 file changed, 62 insertions(+) diff --git a/pc-bios/s390-ccw/iplb.h b/pc-bios/s390-ccw/iplb.h index 08f259ff31..bdbc733e16 100644 --- a/pc-bios/s390-ccw

[PATCH v4 15/28] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block

will exist and results of verification will be stored in IIRB. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 20 hw/s390x/ipl.h | 17 - include/hw/s390x/ipl/diag308.h | 34 ++ include/hw/s390x

[PATCH v4 28/28] docs: Add secure IPL documentation

Add documentation for secure IPL Signed-off-by: Collin Walling Signed-off-by: Zhuoying Cai --- docs/specs/s390x-secure-ipl.rst | 159 +++ docs/system/s390x/secure-ipl.rst | 156 ++ 2 files changed, 315 insertions(+) create mode 100644

[PATCH v4 07/28] s390x/diag: Implement DIAG 320 subcode 1

completes successfully. Signed-off-by: Zhuoying Cai --- include/hw/s390x/ipl/diag320.h | 23 ++ target/s390x/diag.c| 36 +- 2 files changed, 58 insertions(+), 1 deletion(-) diff --git a/include/hw/s390x/ipl/diag320.h b/include/hw

[PATCH v4 22/28] pc-bios/s390-ccw: Add additional security checks for secure boot

secure boot checks are performed during zipl and store results of verification into IIRB. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c| 27 ++- pc-bios/s390-ccw/iplb.h | 26 ++- pc-bios/s390-ccw/s390-ccw.h | 1 + pc-bios/s390-ccw/sclp.c | 8 + pc-bios/s390

[PATCH v4 09/28] s390x/diag: Implement DIAG 320 subcode 2

contains information about a certificate retrieved from the S390IPLCertificateStore, such as the certificate name, key type, key ID length, hash length, and the raw certificate data. The key ID and hash are extracted from the raw certificate by the crypto API. Signed-off-by: Zhuoying Cai --- include

[PATCH v4 20/28] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode

Facility and secure IPL extension support). Note: Secure IPL in audit mode is implemented for the SCSI scheme of virtio-blk/virtio-scsi devices. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/Makefile | 3 +- pc-bios/s390-ccw/bootmap.c| 193 +- pc-bios

[PATCH v4 06/28] s390x/diag: Refactor address validation check from diag308_parm_check

Create a function to validate the address parameter of DIAGNOSE. Refactor the function for reuse in the next patch, which allows address validation in read or write operation of DIAGNOSE. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.h | 6 ++ target/s390x/diag.c | 4 +--- 2 files

[PATCH v4 05/28] s390x/diag: Introduce DIAG 320 for certificate store facility

are supported. Signed-off-by: Zhuoying Cai --- include/hw/s390x/ipl/diag320.h | 17 ++ target/s390x/diag.c| 41 ++ target/s390x/kvm/kvm.c | 14 target/s390x/s390x-internal.h | 2 ++ target/s390x/tcg/misc_helper.c | 7

Re: [PATCH v3 03/28] hw/s390x/ipl: Create certificate store

On 6/6/25 6:31 AM, Daniel P. Berrangé wrote: > On Wed, Jun 04, 2025 at 05:56:31PM -0400, Zhuoying Cai wrote: >> Create a certificate store for boot certificates used for secure IPL. >> >> Load certificates from the boot-certificate parameter of s390-ccw-virtio >> machin

Re: [PATCH v3 01/28] Add boot-certificates to s390-ccw-virtio machine type option

On 6/24/25 11:03 AM, Jared Rossi wrote: > > > On 6/20/25 11:45 AM, Zhuoying Cai wrote: >> On 6/6/25 10:00 AM, Daniel P. Berrangé wrote: >>> On Wed, Jun 04, 2025 at 05:56:29PM -0400, Zhuoying Cai wrote: >>>> Add boot-certificates as a parameter of s390-

Re: [PATCH 1/1] hw/s390x: Use preferred API call for IPLB chain write

On 6/23/25 4:12 PM, jro...@linux.ibm.com wrote: > From: Jared Rossi > > Replace a recently introduced legacy API call with the preferred API call. > > fixes: 0927875 (hw/s390x: Build an IPLB for each boot device) > Signed-off-by: Jared Rossi > --- > hw/s390x/ipl.c | 10 +- > 1 file cha

Re: [PATCH] MAINTAINERS: add reviewers for some s390 areas

On 6/23/25 12:00 PM, Matthew Rosato wrote: > To improve review coverage, assign additional people as reviewers for > multiple s390 sections. > > Signed-off-by: Matthew Rosato Acked-by: Zhuoying Cai > --- > MAINTAINERS | 12 > 1 file changed, 12 insertions

Re: [PATCH v3 01/28] Add boot-certificates to s390-ccw-virtio machine type option

On 6/6/25 10:00 AM, Daniel P. Berrangé wrote: > On Wed, Jun 04, 2025 at 05:56:29PM -0400, Zhuoying Cai wrote: >> Add boot-certificates as a parameter of s390-ccw-virtio machine type option. >> >> The `boot-certificates=/path/dir:/path/file` parameter is implemented >>

Re: [PATCH v3 02/28] crypto/x509-utils: Add helper functions for certificate store

On 6/18/25 1:57 AM, Markus Armbruster wrote: > Zhuoying Cai writes: > >> On 6/17/25 6:58 AM, Markus Armbruster wrote: >>> Zhuoying Cai writes: >>> >>>> Add helper functions for x509 certificate which will be used in the next >>>> pa

Re: [PATCH v3 02/28] crypto/x509-utils: Add helper functions for certificate store

On 6/17/25 6:58 AM, Markus Armbruster wrote: > Zhuoying Cai writes: > >> Add helper functions for x509 certificate which will be used in the next >> patch for the certificate store. >> >> Signed-off-by: Zhuoying Cai > > [...] > >> diff --git a

[PATCH v3 05/28] s390x/diag: Introduce DIAG 320 for certificate store facility

are supported. Signed-off-by: Zhuoying Cai --- include/hw/s390x/ipl/diag320.h | 17 ++ target/s390x/diag.c| 41 ++ target/s390x/kvm/kvm.c | 14 target/s390x/s390x-internal.h | 2 ++ target/s390x/tcg/misc_helper.c | 7

[PATCH v3 19/28] pc-bios/s390-ccw: Refactor zipl_load_segment function

variable in zipl_load_segment. comp_len variable is necessary to store the calculated segment length and is used during signature verification. Return the length on success, or a negative return code on failure. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c | 12 +++- 1 file

[PATCH v3 23/28] Add secure-boot to s390-ccw-virtio machine type option

Add secure-boot as a parameter of s390-ccw-virtio machine type option. The `secure-boot=on|off` parameter is implemented to enable secure IPL. By default, secure-boot is set to false if not specified in the command line. Signed-off-by: Zhuoying Cai --- hw/s390x/s390-virtio-ccw.c | 22

[PATCH v3 27/28] hw/s390x/ipl: Handle secure boot without specifying a boot device

If secure boot in audit mode or True Secure IPL mode is enabled without specifying a boot device, the boot process will terminate with an error. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index

[PATCH v3 28/28] docs: Add secure IPL documentation

Add documentation for secure IPL Signed-off-by: Collin Walling Signed-off-by: Zhuoying Cai --- docs/specs/s390x-secure-ipl.rst | 145 +++ docs/system/s390x/secure-ipl.rst | 129 +++ 2 files changed, 274 insertions(+) create mode 100644 docs

[PATCH v3 26/28] pc-bios/s390-ccw: Handle secure boot with multiple boot devices

the SCSI scheme). If multiple boot devices are provided and include an unsupported (e.g., ECKD, VFIO) or a non-eligible (e.g., Net) device, the boot process will terminate with an error logged to the console. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c | 28 +- pc-bios

[PATCH v3 06/28] s390x/diag: Refactor address validation check from diag308_parm_check

Create a function to validate the address parameter of DIAGNOSE. Refactor the function for reuse in the next patch, which allows address validation in read or write operation of DIAGNOSE. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.h | 6 ++ target/s390x/diag.c | 4 +--- 2 files

[PATCH v3 22/28] pc-bios/s390-ccw: Add additional security checks for secure boot

secure boot checks are performed during zipl and store results of verification into IIRB. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c| 43 ++- pc-bios/s390-ccw/iplb.h | 43 ++- pc-bios/s390-ccw/s390-ccw.h | 1 + pc-bios/s390-ccw/sclp.c | 8 ++ pc

[PATCH v3 13/28] pc-bios/s390-ccw: Introduce IPL Information Report Block (IIRB)

case (failure or success) are stored. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/iplb.h | 62 + 1 file changed, 62 insertions(+) diff --git a/pc-bios/s390-ccw/iplb.h b/pc-bios/s390-ccw/iplb.h index 08f259ff31..bdbc733e16 100644 --- a/pc-bios/s390-ccw

[PATCH v3 17/28] s390x: Guest support for Secure-IPL Facility

ility of the extended-length-SCCB, so add it as a check for consistency. When SIPL facility is installed, the IPL Parameter Block length must contains value that is multiple of 8 bytes. Signed-off-by: Zhuoying Cai --- hw/s390x/sclp.c | 2 ++ include/hw/s390x/sclp.h

[PATCH v3 02/28] crypto/x509-utils: Add helper functions for certificate store

Add helper functions for x509 certificate which will be used in the next patch for the certificate store. Signed-off-by: Zhuoying Cai --- crypto/meson.build | 5 +- crypto/x509-utils.c | 166 include/crypto/x509-utils.h | 54

[PATCH v3 01/28] Add boot-certificates to s390-ccw-virtio machine type option

Add boot-certificates as a parameter of s390-ccw-virtio machine type option. The `boot-certificates=/path/dir:/path/file` parameter is implemented to provide path to either a directory or a single certificate. Multiple paths can be delineated using a colon. Signed-off-by: Zhuoying Cai --- hw

[PATCH v3 00/28] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices

ddresses and lengths of the component and signature to be used for signature verification. Upon verification, an index and the length of the certificate used is stored. Collin L. Walling (2): s390x/diag: Introduce DIAG 508 for secure IPL operations s390x/diag: Implement DIAG 508 subcode 1 for

[PATCH v3 09/28] s390x/diag: Implement DIAG 320 subcode 2

contains information about a certificate retrieved from the S390IPLCertificateStore, such as the certificate name, key type, key ID length, hash length, and the raw certificate data. The key ID and hash are extracted from the raw certificate by the crypto API. Signed-off-by: Zhuoying Cai --- include

[PATCH v3 21/28] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF)

The secure-IPL-code-loading-attributes facility (SCLAF) provides additional security during IPL. Availability of SCLAF is determined by byte 136 bit 3 of the SCLP Read Info block. Signed-off-by: Zhuoying Cai --- target/s390x/cpu_features.c | 1 + target/s390x/cpu_features_def.h.inc | 1

[PATCH v3 16/28] hw/s390x/ipl: Set iplb->len to maximum length of IPL Parameter Block

to the maximum length of the IPLB, allowing alignment constraints to be determined based on its size. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 6 +++--- hw/s390x/ipl.h | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index 8ac0cee73d..d1a9

[PATCH v3 18/28] pc-bios/s390-ccw: Refactor zipl_run()

Refactor to enhance readability before enabling secure IPL in later patches. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c | 58 ++ 1 file changed, 34 insertions(+), 24 deletions(-) diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw

[PATCH v3 24/28] hw/s390x/ipl: Set IPIB flags for secure IPL

. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 18 +- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index d1a972ac8d..a196e1d648 100644 --- a/hw/s390x/ipl.c +++ b/hw/s390x/ipl.c @@ -437,6 +437,11 @@ static bool s390_has_certificate

[PATCH v3 25/28] pc-bios/s390-ccw: Handle true secure IPL mode

-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c| 16 +--- pc-bios/s390-ccw/main.c | 6 +- pc-bios/s390-ccw/s390-ccw.h | 2 ++ pc-bios/s390-ccw/secure-ipl.c | 5 + pc-bios/s390-ccw/secure-ipl.h | 3 +++ 5 files changed, 28 insertions(+), 4 deletions(-) diff

[PATCH v3 11/28] crypto: Add helper functions for DIAG 508 subcode 1

Add helper functions for x509 certificate which will be used in the next patch for DIAG 508 subcode 1. Signed-off-by: Zhuoying Cai --- crypto/x509-utils.c | 61 + include/crypto/x509-utils.h | 20 2 files changed, 81 insertions(+) diff

[PATCH v3 12/28] s390x/diag: Implement DIAG 508 subcode 1 for signature verification

0x0302: signature is not in PKCS#7 format 0x0402: signature-verification failed Signed-off-by: Collin Walling Signed-off-by: Zhuoying Cai --- include/hw/s390x/ipl/diag508.h | 23 + target/s390x/diag.c| 86 +- 2 files changed, 108

[PATCH v3 15/28] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block

will exist and results of verification will be stored in IIRB. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 20 hw/s390x/ipl.h | 17 - include/hw/s390x/ipl/diag308.h | 34 ++ include/hw/s390x

[PATCH v3 04/28] s390x: Guest support for Certificate Store Facility (CS)

k for consistency. Note: secure IPL is not available for Secure Execution (SE) guests, as their images are already integrity protected, and an additional protection of the kernel by secure IPL is not necessary. Signed-off-by: Zhuoying Cai --- target/s390x/cpu_features.c | 1 + target/

[PATCH v3 14/28] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers

Define a memory space for both IPL Parameter Block (IPLB) and IPL Information Report Block (IIRB) since IIRB is stored immediately following IPLB. Convert IPLB to pointer and it points to the start of the defined memory space. IIRB points to the end of IPLB. Signed-off-by: Zhuoying Cai --- pc

[PATCH v3 20/28] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode

Facility and secure IPL extension support). Note: Secure IPL in audit mode is implemented for the SCSI scheme of virtio-blk/virtio-scsi devices. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/Makefile | 3 +- pc-bios/s390-ccw/bootmap.c| 192 +- pc-bios

[PATCH v3 10/28] s390x/diag: Introduce DIAG 508 for secure IPL operations

From: Collin Walling In order to support secure IPL (aka secure boot) for the s390-ccw BIOS, a new s390 DIAGNOSE instruction is introduced to leverage QEMU for handling operations such as signature verification and certificate retrieval. Currently, only subcode 0 is supported with this patch, wh

[PATCH v3 03/28] hw/s390x/ipl: Create certificate store

the types required for secure boot on s390. Signed-off-by: Zhuoying Cai --- hw/s390x/cert-store.c | 247 hw/s390x/cert-store.h | 39 ++ hw/s390x/ipl.c | 9 ++ hw/s390x/ipl.h | 3 + hw/s390x/meson.build| 1

[PATCH v3 08/28] crypto/x509-utils: Add helper functions for DIAG 320 subcode 2

Add helper functions for x509 certificate which will be used in the next patch for DIAG 320 subcode 2. Signed-off-by: Zhuoying Cai --- crypto/x509-utils.c | 190 +++- include/crypto/x509-utils.h | 63 qapi/crypto.json| 20

[PATCH v3 07/28] s390x/diag: Implement DIAG 320 subcode 1

completes successfully. Signed-off-by: Zhuoying Cai --- include/hw/s390x/ipl/diag320.h | 23 ++ target/s390x/diag.c| 36 +- 2 files changed, 58 insertions(+), 1 deletion(-) diff --git a/include/hw/s390x/ipl/diag320.h b/include/hw

Re: [PATCH v2 17/25] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode

On 5/20/25 6:25 AM, Thomas Huth wrote: > On 09/05/2025 00.50, Zhuoying Cai wrote: >> Enable secure IPL in audit mode, which performs signature verification, >> but any error does not terminate the boot process. Only warnings will be >> logged to the console instead. >>

Re: [PATCH v2 07/25] s390x/diag: Implement DIAG 320 subcode 2

On 5/14/25 12:18 PM, Thomas Huth wrote: > On 09/05/2025 00.50, Zhuoying Cai wrote: >> DIAG 320 subcode 2 provides verification-certificates (VCs) that are in the >> certificate store. Only X509 certificates in DER format and SHA-256 hash >> type are recognized. >> >

Re: [PATCH v2 02/25] hw/s390x/ipl: Create certificate store

On 5/14/25 1:43 AM, Thomas Huth wrote: > On 09/05/2025 00.50, Zhuoying Cai wrote: >> Create a certificate store for boot certificates used for secure IPL. >> >> Load certificates from the -boot-certificate option into the cert store. > > Nit: Remove the "-&quo

Re: [PATCH v2 02/25] hw/s390x/ipl: Create certificate store

On 5/14/25 5:03 AM, Daniel P. Berrangé wrote: > On Thu, May 08, 2025 at 06:50:18PM -0400, Zhuoying Cai wrote: >> Create a certificate store for boot certificates used for secure IPL. >> >> Load certificates from the -boot-certificate option into the cert store. >&

[PATCH v2 08/25] s390x/diag: Introduce DIAG 508 for secure IPL operations

From: Collin Walling In order to support secure IPL (aka secure boot) for the s390-ccw BIOS, a new s390 DIAGNOSE instruction is introduced to leverage QEMU for handling operations such as signature verification and certificate retrieval. Currently, only subcode 0 is supported with this patch, wh

[PATCH v2 12/25] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block

will exist and results of verification will be stored in IIRB. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 20 hw/s390x/ipl.h | 17 - include/hw/s390x/ipl/diag308.h | 34 ++ include/hw/s390x

[PATCH v2 22/25] pc-bios/s390-ccw: Handle true secure IPL mode

-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c| 16 +--- pc-bios/s390-ccw/main.c | 6 +- pc-bios/s390-ccw/s390-ccw.h | 2 ++ pc-bios/s390-ccw/secure-ipl.c | 5 + pc-bios/s390-ccw/secure-ipl.h | 2 ++ 5 files changed, 27 insertions(+), 4 deletions(-) diff --git

[PATCH v2 14/25] s390x: Guest support for Secure-IPL Facility

ility of the extended-length-SCCB, so add it as a check for consistency. When SIPL facility is installed, the IPL Parameter Block length must contains value that is multiple of 8 bytes. Signed-off-by: Zhuoying Cai --- hw/s390x/sclp.c | 2 ++ include/hw/s390x/sclp.h

[PATCH v2 20/25] Add -secure-boot to s390-ccw-virtio machine type option

Add -secure-boot as a parameter of s390-ccw-virtio machine type option. The `-secure-boot on|off` command line option is implemented to enable secure IPL. By default, -secure-boot is set to false if not specified in the command line. Signed-off-by: Zhuoying Cai --- hw/s390x/s390-virtio-ccw.c

[PATCH v2 03/25] s390x: Guest support for Certificate Store Facility (CS)

k for consistency. Note: secure IPL is not available for Secure Execution (SE) guests, as their images are already integrity protected, and an additional protection of the kernel by secure IPL is not necessary. Signed-off-by: Zhuoying Cai --- target/s390x/cpu_features.c | 1 + target/

[PATCH v2 18/25] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF)

The secure-IPL-code-loading-attributes facility (SCLAF) provides additional security during IPL. Availability of SCLAF is determined by byte 136 bit 3 of the SCLP Read Info block. Signed-off-by: Zhuoying Cai --- target/s390x/cpu_features.c | 1 + target/s390x/cpu_features_def.h.inc | 1

[PATCH v2 10/25] pc-bios/s390-ccw: Introduce IPL Information Report Block (IIRB)

case (failure or success) are stored. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/iplb.h | 62 + 1 file changed, 62 insertions(+) diff --git a/pc-bios/s390-ccw/iplb.h b/pc-bios/s390-ccw/iplb.h index 08f259ff31..bdbc733e16 100644 --- a/pc-bios/s390-ccw

[PATCH v2 21/25] hw/s390x/ipl: Set IPIB flags for secure IPL

. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 18 +- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index d1a972ac8d..4c827be121 100644 --- a/hw/s390x/ipl.c +++ b/hw/s390x/ipl.c @@ -437,6 +437,11 @@ static bool s390_has_certificate

[PATCH v2 15/25] pc-bios/s390-ccw: Refactor zipl_run()

Refactor to enhance readability before enabling secure IPL in later patches. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c | 58 ++ 1 file changed, 34 insertions(+), 24 deletions(-) diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw

[PATCH v2 06/25] s390x/diag: Implement DIAG 320 subcode 1

completes successfully. Signed-off-by: Zhuoying Cai --- include/hw/s390x/ipl/diag320.h | 25 ++ target/s390x/diag.c| 38 +- 2 files changed, 62 insertions(+), 1 deletion(-) diff --git a/include/hw/s390x/ipl/diag320.h b/include/hw

[PATCH v2 09/25] s390x/diag: Implement DIAG 508 subcode 1 for signature verification

0x0302: signature is not in PKCS#7 format 0x0402: signature-verification failed Signed-off-by: Collin Walling Signed-off-by: Zhuoying Cai --- crypto/x509-utils.c| 54 +++ include/crypto/x509-utils.h| 4 ++ include/hw/s390x/ipl/diag508.h | 22

[PATCH v2 25/25] docs/system/s390x: Add secure IPL documentation

Add documentation for secure IPL. Signed-off-by: Collin Walling Signed-off-by: Zhuoying Cai --- docs/system/s390x/secure-ipl.rst | 249 +++ 1 file changed, 249 insertions(+) create mode 100644 docs/system/s390x/secure-ipl.rst diff --git a/docs/system/s390x/secure

[PATCH v2 05/25] s390x/diag: Refactor address validation check from diag308_parm_check

Create a function to validate the address parameter of DIAGNOSE. Refactor the function for reuse in the next patch, which allows address validation in read or write operation of DIAGNOSE. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.h | 6 ++ target/s390x/diag.c | 4 +--- 2 files

[PATCH v2 11/25] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers

immediately following IPLB. Convert IPLB to pointer and it points to the start of the defined memory space. IIRB points to the end of IPLB. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/iplb.h | 12 ++-- pc-bios/s390-ccw/jump2ipl.c | 6 +++--- pc-bios/s390-ccw/main.c | 34

[PATCH v2 13/25] hw/s390x/ipl: Set iplb->len to maximum length of IPL Parameter Block

to the maximum length of the IPLB, allowing alignment constraints to be determined based on its size. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 6 +++--- hw/s390x/ipl.h | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index 8ac0cee73d..d1a9

[PATCH v2 16/25] pc-bios/s390-ccw: Refactor zipl_load_segment function

variable in zipl_load_segment. comp_len variable is necessary to store the calculated segment length and is used during signature verification. Return the length on success, or a negative return code on failure. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c | 12 +++- 1 file

[PATCH v2 19/25] pc-bios/s390-ccw: Add additional security checks for secure boot

secure boot checks are performed during zipl and store results of verification into IIRB. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c| 44 ++- pc-bios/s390-ccw/iplb.h | 43 ++- pc-bios/s390-ccw/s390-ccw.h | 1 + pc-bios/s390-ccw/sclp.c | 8 ++ pc

[PATCH v2 02/25] hw/s390x/ipl: Create certificate store

. Signed-off-by: Zhuoying Cai --- crypto/meson.build | 5 +- crypto/x509-utils.c | 163 hw/s390x/cert-store.c | 242 hw/s390x/cert-store.h | 39 ++ hw/s390x/ipl.c | 9 ++ hw/s390x

[PATCH v2 24/25] hw/s390x/ipl: Handle secure boot without specifying a boot device

If secure boot in audit mode or True Secure IPL mode is enabled without specifying a boot device, the boot process will terminate with an error. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index

[PATCH v2 23/25] pc-bios/s390-ccw: Handle secure boot with multiple boot devices

the SCSI scheme). If multiple boot devices are provided and include an unsupported (e.g., ECKD, VFIO) or a non-eligible (e.g., Net) device, the boot process will terminate with an error logged to the console. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c | 28 +- pc-bios

[PATCH v2 01/25] Add -boot-certificates to s390-ccw-virtio machine type option

Add -boot-certificates as a parameter of s390-ccw-virtio machine type option. The `-boot-certificates /path/dir:/path/file` option is implemented to provide path to either a directory or a single certificate. Multiple paths can be delineated using a colon. Signed-off-by: Zhuoying Cai --- hw

[PATCH v2 04/25] s390x/diag: Introduce DIAG 320 for certificate store facility

are supported. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.h | 1 + include/hw/s390x/ipl/diag320.h | 17 +++ target/s390x/diag.c| 40 ++ target/s390x/kvm/kvm.c | 14 target/s390x/s390x-internal.h | 2

[PATCH v2 00/25] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices

ling (2): s390x/diag: Introduce DIAG 508 for secure IPL operations s390x/diag: Implement DIAG 508 subcode 1 for signature verification Zhuoying Cai (23): Add -boot-certificates to s390-ccw-virtio machine type option hw/s390x/ipl: Create certificate store s390x: Guest support for Certif

[PATCH v2 17/25] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode

Facility and secure IPL extension support). Note: Secure IPL in audit mode is implemented for the SCSI scheme of virtio-blk/virtio-scsi devices. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/Makefile | 3 +- pc-bios/s390-ccw/bootmap.c| 192 +- pc-bios

[PATCH v2 07/25] s390x/diag: Implement DIAG 320 subcode 2

contains information about a certificate retrieved from the S390IPLCertificateStore, such as the certificate name, key type, key ID length, hash length, and the raw certificate data. The key ID and hash are extracted from the raw certificate by the crypto API. Signed-off-by: Zhuoying Cai --- crypto

Re: [PATCH v1 24/24] hw/s390x/ipl: Handle secure boot without specifying a boot device

On 4/16/25 6:11 PM, Collin Walling wrote: > On 4/8/25 11:55 AM, Zhuoying Cai wrote: >> If secure boot in audit mode or True Secure IPL mode is enabled without >> specifying a boot device, the boot process will terminate with an error. >> >> Signed-off-by: Zhuoying Cai

Re: [PATCH v1 03/24] s390x: Guest support for Certificate Store Facility (CS)

On 4/11/25 9:28 AM, Thomas Huth wrote: > On 08/04/2025 17.55, Zhuoying Cai wrote: >> DIAG 320 is supported when the certificate-store (CS) facility >> is installed. >> >> Availability of CS facility is determined by byte 134 bit 5 of the >> SCLP Read Info block.

Re: [PATCH v1 01/24] Add -boot-certificates /path/dir:/path/file option in QEMU command line

On 4/11/25 8:57 AM, Daniel P. Berrangé wrote: > On Fri, Apr 11, 2025 at 12:44:17PM +0200, Thomas Huth wrote: >> On 08/04/2025 17.55, Zhuoying Cai wrote: >>> The `-boot-certificates /path/dir:/path/file` option is implemented >>> to provide path to either a direct

[PATCH v1 18/24] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF)

The secure-IPL-code-loading-attributes facility (SCLAF) provides additional security during IPL. Availability of SCLAF is determined by byte 136 bit 3 of the SCLP Read Info block. Signed-off-by: Zhuoying Cai --- target/s390x/cpu_features.c | 1 + target/s390x/cpu_features_def.h.inc | 1

  1   2   >