IBM Secure Execution for Linux

Every IBM z15 or LinuxONE III server is equipped with a private host key that is specific to that server. The key is protected by hardware and firmware. The cloud provider cannot access or manipulate the private host key. Cloud providers who run their cloud on z15 or LinuxONE III obtain a host key document from IBM. The host key document contains the public key associated with the private host key of that server. The cloud providers can distribute a host key document to cloud customers who want to run their workload in a z15 or LinuxONE III based cloud environment.

As a workload owner, you encrypt files that are necessary for booting by using the host key document of the cloud provider.

For more information, see "Introducing IBM Secure Execution for Linux" on the IBM Knowledge Center: https://www.ibm.com/support/knowledgecenter/linuxonibm/liaaf/lnz_r_dse.html

As a cloud provider and registered Resource Link user, download the host key document here: https://www.ibm.com/servers/resourcelink/hom03010.nsf/pages/HKDSearch?OpenDocument

Use the files available through this page to verify the host key document. The procedure is outlined in the referred publication.