Configuring for IBM Secure Execution for Linux

To support guests in IBM® Secure Execution mode, the configuration of a virtual server must be compatible with IBM Secure Execution for Linux®.

In particular, memory access by virtio devices must be regulated through IOMMU. To prevent IOMMU bypass, guests that are set up for IBM Secure Execution mode provide a bounce buffer that all virtio devices of the virtual server must use. For information about configuring the bounce buffer within the guest, see Introducing IBM Secure Execution for Linux, SC34-7721.

For configuration items that can lead to malfunctioning devices or prevent the guest from running in IBM Secure Execution mode, see Omit items that conflict with IBM Secure Execution for Linux.