Starting guests fail with error: Protected boot has failed: 0xa02

Unable to start IBM® Secure Execution guests on a KVM host with numerous or large guests.

Symptoms

On a KVM host with many guests defined, not all guests can start.

Causes

The kernel has run out of virtual address space to map the areas needed for the guest metadata. The size of the metadata depends on the logical size of the guest, and needs to be allocated fully in the virtual address space of the kernel.

Resolving the problem

Use the vmalloc parameter to add more virtual contiguous host memory for the addressing.

User response

Add vmalloc with a large value to the kernel command line of the KVM host, for example: vmalloc=1T

Increasing the vmalloc value does not cause more memory to be used.
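
To confirm the setting after a reboot, the following added example (not part of the original page or of IBM's tooling) reads the vmalloc= value from a kernel command line and the VmallocTotal field from /proc/meminfo, which reports the size of the kernel's vmalloc area. The function names are hypothetical, and the handling of a repeated parameter is an assumption.

```shell
#!/bin/sh
# Added example: verify the vmalloc= setting on a KVM host. Function names are hypothetical.

# Print the vmalloc= value found in a kernel command line string ($1), in bytes.
# Returns 1 and prints nothing if the parameter is absent or malformed.
vmalloc_bytes() {
    val=""
    for word in $1; do
        case $word in
            vmalloc=*) val=${word#vmalloc=} ;;   # if repeated, keep the last one (assumption)
        esac
    done
    [ -n "$val" ] || return 1
    num=${val%[KkMmGgTt]}                        # strip one size suffix, if any
    case $num in ''|*[!0-9]*) return 1 ;; esac   # reject empty or non-numeric values
    case $val in
        *[Kk]) echo $((num * 1024)) ;;
        *[Mm]) echo $((num * 1024 * 1024)) ;;
        *[Gg]) echo $((num * 1024 * 1024 * 1024)) ;;
        *[Tt]) echo $((num * 1024 * 1024 * 1024 * 1024)) ;;
        *)     echo "$num" ;;
    esac
}

# Print one field ($1) of /proc/meminfo-style text ($2) in bytes (meminfo reports kB).
meminfo_bytes() {
    kb=$(printf '%s\n' "$2" | awk -v f="$1:" '$1 == f { print $2 }')
    [ -n "$kb" ] || return 1
    echo $((kb * 1024))
}

# Report the values for the running host.
report_host() {
    if b=$(vmalloc_bytes "$(cat /proc/cmdline)"); then
        echo "vmalloc= on kernel command line: $b bytes"
    else
        echo "vmalloc= is not set on the kernel command line"
    fi
    meminfo=$(cat /proc/meminfo)
    echo "VmallocTotal: $(meminfo_bytes VmallocTotal "$meminfo") bytes"
    echo "VmallocUsed:  $(meminfo_bytes VmallocUsed "$meminfo") bytes"
}
```

Run report_host on the KVM host after it has been rebooted with the new command line.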