Preparing the virtual server

Edit online

Add the launchSecurity element with type s390-pv to the domain configuration-XML of your virtual server to set defaults that simplify configuring the virtual server for IBM® Secure Execution for Linux®.

<domain type="kvm">
    ...
    <launchSecurity type="s390-pv"/>
    ...
</domain>

For example, this setting makes the required bounce buffer for virtio devices the default and you do not have to specify it explicitly for each device, see Enable each device separately to use the bounce buffer. This setting also leads to warning messages if the CPU model of the virtual server does not include all features that are required by IBM Secure Execution for Linux.

To confirm that this setting is available in your environment, look for the following line in the output of the virsh domcapabilities command:

<s390-pv supported="yes">

Alternatively, you can use the virt-host-validate command and look for the following output line:

QEMU: Checking for secure guest support                     : PASS

The virt-host-validate command generally checks the host requirements for IBM Secure Execution for Linux, see IBM Secure Execution for Linux.