Linux as an IBM Secure Execution host or guest
IBM® Secure Execution for Linux was introduced with IBM z15™ and LinuxONE III.
As a KVM host, Ubuntu Server can host KVM guests in IBM Secure Execution mode. As a KVM guest, Ubuntu Server itself can run in IBM Secure Execution mode.
You can create encrypted Ubuntu Server images that can run on a public, private or hybrid cloud with their in-use memory and state protected. This type of protection is more generally known as protection of data in-use.
You can modify a Linux instance to be able to act as an IBM Secure Execution host by booting it with the prot_virt=1 kernel parameter. An IBM Secure Execution host must run in LPAR mode.
For details about setting up a KVM host and guests for secure execution, see Introducing IBM Secure Execution for Linux.