Terminology
IBM® Secure Execution for Linux® uses the terminology listed here.
- add-secret requests (add-secret requests)
- A container for a secret that is submitted to the secret store of the ultravisor.
- boot image
- A disk image that has been prepared as a boot device. It contains all data that is required to start a Linux instance. This data includes a kernel image, an initial RAM disk, kernel parameters, and a boot loader.
- host key document
- Contains the public host key in an X.509 certificate format, signed with an IBM key. A host key document is like a certificate with IBM as the trusted third party.
- HSM master key
- An HSM master key encrypts all other keys on that HSM. These are sometimes also called HSM wrapping keys or EP11 wrapping keys.
- KVM virtual server, virtual server
-
Virtualized IBM Z® resources that comprise processor, memory, and I/O capabilities as provided and managed by KVM. A virtual server can include an operating system.
- KVM guest, guest, guest operating system
- An operating system of a virtual server.
- KVM host, host, hypervisor
- The Linux instance that runs the KVM virtual servers and manages their resources.
- master key verification pattern (MKVP)
- An MKVP identifies the master key. These patterns are also sometimes called wrapping key verification patterns.
- protected virtualization
- An alternative name for IBM SEL that still exists in some program code and, for example, in the names of the IBM SEL commands: pvimg, pvsecret.
- Secure guest ownership
- The secure guest owner refers to the entity that possesses the secrets necessary for accessing
and recognizing a secure guest, such as root passwords, TLS/SSH keys, and encryption keys. While the
creator typically owns guests they've created, in cases where vendors sell pre-packaged secure guest
images, ownership must transfer to the customer early in the guest's lifecycle. This transfer, known
as
personalization
, involves replacing vendor-installed secrets with those belonging to the guest owner.