Configuring for IBM Secure Execution for Linux
To support guests in IBM® Secure Execution mode, the configuration of a virtual server must be compatible with IBM Secure Execution for Linux®.
In particular, memory access by virtio devices must be regulated through IOMMU. To prevent IOMMU bypass, guests that are set up for IBM Secure Execution mode provide a bounce buffer that all virtio devices of the virtual server must use. For information about configuring the bounce buffer within the guest, see Introducing IBM Secure Execution for Linux, SC34-7721.
- The preferred method for enabling virtio devices to use the bounce buffer is to use a generic specification for the virtual server; see Preparing the virtual server.
- The fallback method is to enable each virtio device separately; see Enable each device separately to use the bounce buffer.
For configuration items that can lead to malfunctioning devices or prevent the guest from running in IBM Secure Execution mode, see Omit items that conflict with IBM Secure Execution for Linux.
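The two methods listed above can be checked mechanically in a libvirt domain XML before a guest is started. The following is an added example, not part of the IBM documentation: it assumes that the generic specification is libvirt's `<launchSecurity type='s390-pv'/>` element and that the per-device setting is the `iommu='on'` attribute on a device's `<driver>` element, and it recognizes virtio devices with a simplified heuristic. The sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the disk is enabled per device, the interface is not.
SAMPLE = """
<domain type='kvm'>
  <name>se-guest</name>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' iommu='on'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <interface type='network'>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>
"""

def is_virtio(dev):
    """Heuristic (assumption): a device is virtio if its bus or model says so."""
    target, model = dev.find("target"), dev.find("model")
    return ((target is not None and target.get("bus") == "virtio")
            or (model is not None
                and (model.get("type") or "").startswith("virtio"))
            or (dev.get("model") or "").startswith("virtio"))

def virtio_devices_without_iommu(domain_xml):
    """Return the tags of virtio devices that lack <driver iommu='on'/>.

    Returns an empty list when the domain carries the generic
    <launchSecurity type='s390-pv'/> specification (preferred method).
    """
    root = ET.fromstring(domain_xml)
    sec = root.find("launchSecurity")
    if sec is not None and sec.get("type") == "s390-pv":
        return []
    missing = []
    for dev in root.findall("./devices/*"):
        driver = dev.find("driver")
        if is_virtio(dev) and (driver is None or driver.get("iommu") != "on"):
            missing.append(dev.tag)
    return missing

if __name__ == "__main__":
    print(virtio_devices_without_iommu(SAMPLE))
```

To check a defined virtual server, pass the output of `virsh dumpxml` for that server to `virtio_devices_without_iommu`.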