From: Zhuoying Cai <zycai@linux.ibm.com>
To: qemu-s390x@nongnu.org, qemu-devel@nongnu.org
Subject: [PATCH v16 22/33] pc-bios/s390-ccw: Introduce ZiplBootMode enum for IPL mode selection
Date: Tue, 7 Jul 2026 19:55:56 -0400 [thread overview]
Message-ID: <20260707235615.2513487-2-zycai@linux.ibm.com> (raw)
In-Reply-To: <20260707231132.2492104-1-zycai@linux.ibm.com>
Add ZiplBootMode enumeration to support multiple IPL boot configurations.
Boot modes differentiate between normal boot and secure IPL operations,
enabled based on boot certificates specified via the boot-certs option.
Normal Mode: IPL when no certificates are provided. No signature
verification is performed.
This prepares for future secure IPL modes requiring signature
verification.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
---
docs/system/s390x/secure-ipl.rst | 21 +++++++++++++++++++++
pc-bios/s390-ccw/bootmap.c | 16 +++++++++++++++-
pc-bios/s390-ccw/main.c | 6 ++++++
pc-bios/s390-ccw/s390-ccw.h | 6 ++++++
4 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/docs/system/s390x/secure-ipl.rst b/docs/system/s390x/secure-ipl.rst
index 88df52ce2f..9d7d33f5ed 100644
--- a/docs/system/s390x/secure-ipl.rst
+++ b/docs/system/s390x/secure-ipl.rst
@@ -18,3 +18,24 @@ Note: certificate files must have a .pem extension.
.. code-block:: shell
qemu-system-s390x -machine s390-ccw-virtio,boot-certs.0.path=/.../qemu/certs,boot-certs.1.path=/another/path/cert.pem ...
+
+
+IPL Modes
+---------
+
+Multiple IPL modes are available to differentiate between the various IPL
+configurations. These modes are mutually exclusive and enabled based on the
+``boot-certs`` option on the QEMU command line.
+
+Normal Mode
+^^^^^^^^^^^
+
+The absence of certificates will attempt to IPL a guest without secure IPL
+operations. No checks are performed, and no warnings/errors are reported.
+This is the default mode.
+
+Configuration:
+
+.. code-block:: shell
+
+ qemu-system-s390x -machine s390-ccw-virtio ...
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index d0ac97795d..7791ca179a 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -330,6 +330,9 @@ static int run_eckd_boot_script(block_number_t bmt_block_nr,
/* The S1B block number is NULL_BLOCK_NR if and only if it's an LD-IPL */
bool ldipl = (s1b_block_nr == NULL_BLOCK_NR);
+ IPL_assert((boot_mode == ZIPL_BOOT_MODE_NORMAL),
+ "Secure boot with the ECKD scheme is not supported!");
+
if (menu_is_enabled_zipl() && !ldipl) {
loadparm = eckd_get_boot_menu_index(s1b_block_nr);
}
@@ -729,7 +732,14 @@ static int zipl_run(ScsiBlockPtr *pte)
/* Load image(s) into RAM */
entry = (ComponentEntry *)(&header[1]);
- rc = zipl_run_normal(&entry, tmp_sec);
+ switch (boot_mode) {
+ case ZIPL_BOOT_MODE_NORMAL:
+ rc = zipl_run_normal(&entry, tmp_sec);
+ break;
+ default:
+ panic("Unknown boot mode");
+ }
+
if (rc) {
return rc;
}
@@ -1101,12 +1111,16 @@ void zipl_load(void)
VDev *vdev = virtio_get_device();
if (vdev->is_cdrom) {
+ IPL_assert((boot_mode == ZIPL_BOOT_MODE_NORMAL),
+ "Secure boot from ISO image is not supported!");
ipl_iso_el_torito();
puts("Failed to IPL this ISO image!");
return;
}
if (virtio_get_device_type() == VIRTIO_ID_NET) {
+ IPL_assert((boot_mode == ZIPL_BOOT_MODE_NORMAL),
+ "Virtio net boot device does not support secure boot!");
netmain();
puts("Failed to IPL from this network!");
return;
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index 44888e0c5c..40e568fc71 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -30,6 +30,7 @@ IplParameterBlock *iplb;
bool have_iplb;
static uint16_t cutype;
LowCore *lowcore; /* Yes, this *is* a pointer to address 0 */
+ZiplBootMode boot_mode;
#define LOADPARM_PROMPT "PROMPT "
#define LOADPARM_EMPTY " "
@@ -306,6 +307,9 @@ static void ipl_ccw_device(void)
switch (cutype) {
case CU_TYPE_DASD_3990:
case CU_TYPE_DASD_2107:
+ IPL_assert((boot_mode == ZIPL_BOOT_MODE_NORMAL),
+ "Passthrough (vfio) CCW device does not support secure boot!");
+
dasd_ipl(blk_schid, cutype);
break;
case CU_TYPE_VIRTIO:
@@ -393,6 +397,8 @@ void main(void)
probe_boot_device();
}
+ boot_mode = ZIPL_BOOT_MODE_NORMAL;
+
while (have_iplb) {
boot_setup();
if (have_iplb && find_boot_device()) {
diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
index 1e1f71775e..5420443ad2 100644
--- a/pc-bios/s390-ccw/s390-ccw.h
+++ b/pc-bios/s390-ccw/s390-ccw.h
@@ -69,6 +69,12 @@ int sclp_read(char *str, size_t count);
/* bootmap.c */
void zipl_load(void);
+typedef enum ZiplBootMode {
+ ZIPL_BOOT_MODE_NORMAL = 0,
+} ZiplBootMode;
+
+extern ZiplBootMode boot_mode;
+
/* jump2ipl.c */
void write_reset_psw(uint64_t psw);
int jump_to_IPL_code(uint64_t address);
--
2.54.0
next prev parent reply other threads:[~2026-07-07 23:57 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-07 23:10 [PATCH v16 00/33] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
2026-07-07 23:10 ` [PATCH v16 01/33] Add boot-certs to s390-ccw-virtio machine type option Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 02/33] crypto/x509-utils: Refactor with GNUTLS fallback Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 03/33] crypto/x509-utils: Add helper functions for certificate store Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 04/33] hw/s390x/ipl: Create " Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 05/33] s390x/diag: Introduce DIAG 320 for Certificate Store Facility Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 06/33] s390x/diag: Refactor address validation check from diag308_parm_check Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 07/33] s390x/diag: Implement DIAG 320 subcode 1 Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 08/33] crypto/x509-utils: Add helper functions for DIAG 320 subcode 2 Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 09/33] s390x/diag: Implement " Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 10/33] hw/s390x: Define finite size for single entry VCEntry Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 11/33] s390x/diag: Introduce DIAG 508 for secure IPL operations Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 12/33] crypto/x509-utils: Add helper functions for DIAG 508 subcode 1 Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 13/33] s390x/diag: Generalize s390_ipl_read/write to accept void * Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 14/33] s390x/diag: Implement DIAG 508 subcode 1 for signature verification Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 15/33] s390x/ipl: Introduce IPL Information Report Block (IIRB) Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 16/33] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 17/33] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 18/33] hw/s390x/ipl: Rework s390_ipl_map_iplb_chain for certificate storage Zhuoying Cai
2026-07-07 23:11 ` [PATCH v16 19/33] s390x: Guest support for Secure-IPL Facility Zhuoying Cai
2026-07-07 23:40 ` [PATCH v16 20/33] pc-bios/s390-ccw: Refactor zipl_run() Zhuoying Cai
2026-07-07 23:40 ` [PATCH v16 21/33] pc-bios/s390-ccw: Rework zipl_load_segment function Zhuoying Cai
2026-07-07 23:40 ` [PATCH v16 22/33] pc-bios/s390-ccw: Introduce ZiplBootMode enum for IPL mode selection Zhuoying Cai
2026-07-07 23:40 ` [PATCH v16 23/33] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode Zhuoying Cai
2026-07-07 23:40 ` [PATCH v16 24/33] pc-bios/s390-ccw: Add signed component address overlap checks Zhuoying Cai
2026-07-10 20:36 ` Collin Walling
2026-07-07 23:40 ` [PATCH v16 25/33] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF) Zhuoying Cai
2026-07-07 23:40 ` [PATCH v16 26/33] pc-bios/s390-ccw: Add additional security checks for secure boot Zhuoying Cai
2026-07-10 20:32 ` Collin Walling
2026-07-07 23:40 ` [PATCH v16 27/33] Add secure-boot to s390-ccw-virtio machine type option Zhuoying Cai
2026-07-07 23:40 ` [PATCH v16 28/33] hw/s390x/ipl: Set IPIB flags for secure IPL Zhuoying Cai
2026-07-07 23:40 ` [PATCH v16 29/33] pc-bios/s390-ccw: Handle true secure IPL mode Zhuoying Cai
2026-07-07 23:40 ` [PATCH v16 30/33] hw/s390x/ipl: Handle secure boot with multiple boot devices Zhuoying Cai
2026-07-07 23:40 ` [PATCH v16 31/33] tests/functional/s390x: Add secure IPL functional test Zhuoying Cai
2026-07-07 23:40 ` [PATCH v16 32/33] docs/specs: Add secure IPL documentation Zhuoying Cai
2026-07-07 23:40 ` [PATCH v16 33/33] docs/system/s390x: " Zhuoying Cai
2026-07-07 23:55 ` [PATCH v16 21/33] pc-bios/s390-ccw: Rework zipl_load_segment function Zhuoying Cai
2026-07-07 23:55 ` Zhuoying Cai [this message]
2026-07-07 23:55 ` [PATCH v16 23/33] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode Zhuoying Cai
2026-07-07 23:55 ` [PATCH v16 24/33] pc-bios/s390-ccw: Add signed component address overlap checks Zhuoying Cai
2026-07-07 23:55 ` [PATCH v16 25/33] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF) Zhuoying Cai
2026-07-07 23:56 ` [PATCH v16 26/33] pc-bios/s390-ccw: Add additional security checks for secure boot Zhuoying Cai
2026-07-07 23:56 ` [PATCH v16 27/33] Add secure-boot to s390-ccw-virtio machine type option Zhuoying Cai
2026-07-07 23:56 ` [PATCH v16 28/33] hw/s390x/ipl: Set IPIB flags for secure IPL Zhuoying Cai
2026-07-07 23:56 ` [PATCH v16 29/33] pc-bios/s390-ccw: Handle true secure IPL mode Zhuoying Cai
2026-07-07 23:56 ` [PATCH v16 30/33] hw/s390x/ipl: Handle secure boot with multiple boot devices Zhuoying Cai
2026-07-07 23:56 ` [PATCH v16 31/33] tests/functional/s390x: Add secure IPL functional test Zhuoying Cai
2026-07-07 23:56 ` [PATCH v16 32/33] docs/specs: Add secure IPL documentation Zhuoying Cai
2026-07-07 23:56 ` [PATCH v16 33/33] docs/system/s390x: " Zhuoying Cai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260707235615.2513487-2-zycai@linux.ibm.com \
--to=zycai@linux.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.