Terminology

IBM® Secure Execution for Linux® uses the terminology listed here.

add-secret requests
A container for a secret that is submitted to the secret store of the ultravisor.
boot image
A disk image that has been prepared as a boot device. It contains all data that is required to start a Linux instance. This data includes a kernel image, an initial RAM disk, kernel parameters, and a boot loader.
host key document
Contains the public host key in an X.509 certificate format, signed with an IBM key. A host key document is like a certificate with IBM as the trusted third party.
HSM master key
An HSM master key encrypts all other keys on that HSM. These are sometimes also called HSM wrapping keys or EP11 wrapping keys.
KVM virtual server, virtual server
Virtualized IBM Z® resources that comprise processor, memory, and I/O capabilities as provided and managed by KVM. A virtual server can include an operating system.
KVM guest, guest, guest operating system
An operating system of a virtual server.
KVM host, host, hypervisor
The Linux instance that runs the KVM virtual servers and manages their resources.
master key verification pattern (MKVP)
An MKVP identifies the master key. These patterns are also sometimes called wrapping key verification patterns.
protected virtualization
An alternative name for IBM Secure Execution for Linux (IBM SEL) that still exists in some program code and, for example, in the names of the IBM SEL commands pvimg and pvsecret.
secure guest ownership
The secure guest owner is the entity that possesses the secrets necessary for accessing and recognizing a secure guest, such as root passwords, TLS/SSH keys, and encryption keys. The creator of a guest typically owns it, but where vendors sell pre-packaged secure guest images, ownership must transfer to the customer early in the guest's lifecycle. This transfer, known as personalization, involves replacing vendor-installed secrets with those belonging to the guest owner.