What you should know

Edit online

Before you start working with IBM® Secure Execution for Linux®, find out about prerequisites and restrictions.

IBM SEL requires an IBM z15™ or LinuxONE III or later models with the feature installed.

As the host is not allowed to access guest memory and state, certain KVM features are not supported, including:
  • Live migration. Offline migration is possible, if the guest is built for more than one host. For more information about how to build for multiple hosts, see pvimg create - Generate an IBM SEL image
  • Save to and restore from disk.
  • Hypervisor-initiated memory dump.
  • Pass-through of host devices, for example PCI and CCW.
  • Using huge memory pages on the host for backing guest memory.
  • Memory ballooning through a virtio-balloon device.

In contrast to regular KVM guests, guests running in Secure Execution mode are limited to 247 virtual CPUs.