* [PATCH v12 01/35] Add boot-certs to s390-ccw-virtio machine type option
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
@ 2026-07-01 20:48 ` Zhuoying Cai
2026-07-01 23:30 ` Jared Rossi
2026-07-01 20:48 ` [PATCH v12 02/35] crypto/x509-utils: Refactor with GNUTLS fallback Zhuoying Cai
` (33 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:48 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Introduce a new `boot-certs` machine type option for the s390-ccw-virtio
machine. This allows users to specify one or more certificate file paths
or directories to be used during secure boot.
Each entry is specified using the syntax:
boot-certs.<index>.path=/path/to/cert.pem
Multiple paths can be specify using array properties:
boot-certs.0.path=/path/to/cert.pem,
boot-certs.1.path=/path/to/cert-dir,
boot-certs.2.path=/path/to/another-dir...
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
---
docs/system/s390x/secure-ipl.rst | 20 ++++++++++++++++++++
docs/system/target-s390x.rst | 1 +
hw/s390x/s390-virtio-ccw.c | 30 ++++++++++++++++++++++++++++++
include/hw/s390x/s390-virtio-ccw.h | 2 ++
qapi/machine-s390x.json | 23 +++++++++++++++++++++++
qapi/pragma.json | 1 +
qemu-options.hx | 6 +++++-
7 files changed, 82 insertions(+), 1 deletion(-)
create mode 100644 docs/system/s390x/secure-ipl.rst
diff --git a/docs/system/s390x/secure-ipl.rst b/docs/system/s390x/secure-ipl.rst
new file mode 100644
index 0000000000..88df52ce2f
--- /dev/null
+++ b/docs/system/s390x/secure-ipl.rst
@@ -0,0 +1,20 @@
+.. SPDX-License-Identifier: GPL-2.0-or-later
+
+Secure IPL Command Line Options
+-------------------------------
+
+The s390-ccw-virtio machine type supports secure IPL. These parameters allow
+users to provide certificates and enable secure IPL directly via the command
+line.
+
+Providing Certificates
+^^^^^^^^^^^^^^^^^^^^^^
+
+The certificate store can be populated by supplying a list of X.509 certificate
+file paths or directories containing certificate files on the command-line:
+
+Note: certificate files must have a .pem extension.
+
+.. code-block:: shell
+
+ qemu-system-s390x -machine s390-ccw-virtio,boot-certs.0.path=/.../qemu/certs,boot-certs.1.path=/another/path/cert.pem ...
diff --git a/docs/system/target-s390x.rst b/docs/system/target-s390x.rst
index 94c981e732..8938a13d10 100644
--- a/docs/system/target-s390x.rst
+++ b/docs/system/target-s390x.rst
@@ -35,3 +35,4 @@ Architectural features
s390x/bootdevices
s390x/protvirt
s390x/cpu-topology
+ s390x/secure-ipl
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 25a9fa4955..b3c96ba35b 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -44,6 +44,7 @@
#include "target/s390x/kvm/pv.h"
#include "migration/blocker.h"
#include "qapi/visitor.h"
+#include "qapi/qapi-visit-machine-s390x.h"
#include "hw/s390x/cpu-topology.h"
#include "kvm/kvm_s390x.h"
#include "hw/virtio/virtio-md-pci.h"
@@ -788,6 +789,30 @@ static void machine_set_loadparm(Object *obj, Visitor *v,
g_free(val);
}
+static void machine_get_boot_certs(Object *obj, Visitor *v,
+ const char *name, void *opaque,
+ Error **errp)
+{
+ S390CcwMachineState *ms = S390_CCW_MACHINE(obj);
+ BootCertificatesList **certs = &ms->boot_certs;
+
+ visit_type_BootCertificatesList(v, name, certs, errp);
+}
+
+static void machine_set_boot_certs(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ S390CcwMachineState *ms = S390_CCW_MACHINE(obj);
+ BootCertificatesList *cert_list = NULL;
+
+ visit_type_BootCertificatesList(v, name, &cert_list, errp);
+ if (!cert_list) {
+ return;
+ }
+
+ ms->boot_certs = cert_list;
+}
+
/*
* S390x-specific global compatibility properties.
*
@@ -856,6 +881,11 @@ static void ccw_machine_class_init(ObjectClass *oc, const void *data)
"Up to 8 chars in set of [A-Za-z0-9. ] (lower case chars converted"
" to upper case) to pass to machine loader, boot manager,"
" and guest kernel");
+
+ object_class_property_add(oc, "boot-certs", "BootCertificatesList",
+ machine_get_boot_certs, machine_set_boot_certs, NULL, NULL);
+ object_class_property_set_description(oc, "boot-certs",
+ "provide paths to a directory and/or a certificate file for secure boot");
}
static inline void s390_machine_initfn(Object *obj)
diff --git a/include/hw/s390x/s390-virtio-ccw.h b/include/hw/s390x/s390-virtio-ccw.h
index f1f06119d6..5ad1ea2f24 100644
--- a/include/hw/s390x/s390-virtio-ccw.h
+++ b/include/hw/s390x/s390-virtio-ccw.h
@@ -14,6 +14,7 @@
#include "hw/core/boards.h"
#include "qom/object.h"
#include "hw/s390x/sclp.h"
+#include "qapi/qapi-types-machine-s390x.h"
#define TYPE_S390_CCW_MACHINE "s390-ccw-machine"
@@ -31,6 +32,7 @@ struct S390CcwMachineState {
uint8_t loadparm[8];
uint64_t memory_limit;
uint64_t max_pagesize;
+ BootCertificatesList *boot_certs;
SCLPDevice *sclp;
};
diff --git a/qapi/machine-s390x.json b/qapi/machine-s390x.json
index ea430e1b88..bbe3646e91 100644
--- a/qapi/machine-s390x.json
+++ b/qapi/machine-s390x.json
@@ -140,3 +140,26 @@
{ 'event': 'SCLP_CPI_INFO_AVAILABLE',
'features': [ 'unstable' ]
}
+
+##
+# @BootCertificates:
+#
+# Boot certificates for secure IPL.
+#
+# @path: path to an X.509 certificate file or a directory containing
+# certificate files.
+#
+# Since: 11.1
+##
+{ 'struct': 'BootCertificates',
+ 'data': {'path': 'str'} }
+
+##
+# @DummyBootCertificates:
+#
+# Not used by QMP; hack to let us use BootCertificatesList internally.
+#
+# Since: 11.1
+##
+{ 'struct': 'DummyBootCertificates',
+ 'data': {'unused-boot-certs': ['BootCertificates'] } }
diff --git a/qapi/pragma.json b/qapi/pragma.json
index 24aebbe8f5..342cedc42e 100644
--- a/qapi/pragma.json
+++ b/qapi/pragma.json
@@ -49,6 +49,7 @@
'DisplayProtocol',
'DriveBackupWrapper',
'DummyBlockCoreForceArrays',
+ 'DummyBootCertificates',
'DummyForceArrays',
'DummyVirtioForceArrays',
'HotKeyMod',
diff --git a/qemu-options.hx b/qemu-options.hx
index e44b47de68..83915bd7ef 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -46,7 +46,8 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
" memory-backend='backend-id' specifies explicitly provided backend for main RAM (default=none)\n"
" cxl-fmw.0.targets.0=firsttarget,cxl-fmw.0.targets.1=secondtarget,cxl-fmw.0.size=size[,cxl-fmw.0.interleave-granularity=granularity]\n"
" sgx-epc.0.memdev=memid,sgx-epc.0.node=numaid\n"
- " smp-cache.0.cache=cachename,smp-cache.0.topology=topologylevel\n",
+ " smp-cache.0.cache=cachename,smp-cache.0.topology=topologylevel\n"
+ " boot-certs.0.path=/path/directory,boot-certs.1.path=/path/file provides paths to a directory and/or a certificate file\n",
QEMU_ARCH_ALL)
SRST
``-machine [type=]name[,prop=value[,...]]``
@@ -214,6 +215,9 @@ SRST
::
-machine smp-cache.0.cache=l1d,smp-cache.0.topology=core,smp-cache.1.cache=l1i,smp-cache.1.topology=core
+
+ ``boot-certs.0.path=/path/directory,boot-certs.1.path=/path/file``
+ Provide paths to a directory and/or a certificate file on the host [s390x only].
ERST
DEF("M", HAS_ARG, QEMU_OPTION_M,
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 01/35] Add boot-certs to s390-ccw-virtio machine type option
2026-07-01 20:48 ` [PATCH v12 01/35] Add boot-certs to s390-ccw-virtio machine type option Zhuoying Cai
@ 2026-07-01 23:30 ` Jared Rossi
2026-07-02 0:47 ` Matthew Rosato
0 siblings, 1 reply; 71+ messages in thread
From: Jared Rossi @ 2026-07-01 23:30 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:48 PM, Zhuoying Cai wrote:
> Introduce a new `boot-certs` machine type option for the s390-ccw-virtio
> machine. This allows users to specify one or more certificate file paths
> or directories to be used during secure boot.
The new boot-certs option is able to handle complex certificate
organization across multiple directories, but it seems to reject the
most basic case of passing a single directory path.
E.g. using: -machine s390-ccw-virtio,accel=kvm,boot-certs=/root/certs
produces the error: "Invalid parameter type for 'boot-certs', expected:
array"
I understand that this can be fixed by expanding "boot-certs" to
"boot-certs.0.path" however this does not seem intuitive to me. Is this
the expected behavior by design?
Regards,
Jared Rossi
> Each entry is specified using the syntax:
> boot-certs.<index>.path=/path/to/cert.pem
>
> Multiple paths can be specify using array properties:
> boot-certs.0.path=/path/to/cert.pem,
> boot-certs.1.path=/path/to/cert-dir,
> boot-certs.2.path=/path/to/another-dir...
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> Acked-by: Markus Armbruster <armbru@redhat.com>
> ---
> docs/system/s390x/secure-ipl.rst | 20 ++++++++++++++++++++
> docs/system/target-s390x.rst | 1 +
> hw/s390x/s390-virtio-ccw.c | 30 ++++++++++++++++++++++++++++++
> include/hw/s390x/s390-virtio-ccw.h | 2 ++
> qapi/machine-s390x.json | 23 +++++++++++++++++++++++
> qapi/pragma.json | 1 +
> qemu-options.hx | 6 +++++-
> 7 files changed, 82 insertions(+), 1 deletion(-)
> create mode 100644 docs/system/s390x/secure-ipl.rst
>
> diff --git a/docs/system/s390x/secure-ipl.rst b/docs/system/s390x/secure-ipl.rst
> new file mode 100644
> index 0000000000..88df52ce2f
> --- /dev/null
> +++ b/docs/system/s390x/secure-ipl.rst
> @@ -0,0 +1,20 @@
> +.. SPDX-License-Identifier: GPL-2.0-or-later
> +
> +Secure IPL Command Line Options
> +-------------------------------
> +
> +The s390-ccw-virtio machine type supports secure IPL. These parameters allow
> +users to provide certificates and enable secure IPL directly via the command
> +line.
> +
> +Providing Certificates
> +^^^^^^^^^^^^^^^^^^^^^^
> +
> +The certificate store can be populated by supplying a list of X.509 certificate
> +file paths or directories containing certificate files on the command-line:
> +
> +Note: certificate files must have a .pem extension.
> +
> +.. code-block:: shell
> +
> + qemu-system-s390x -machine s390-ccw-virtio,boot-certs.0.path=/.../qemu/certs,boot-certs.1.path=/another/path/cert.pem ...
> diff --git a/docs/system/target-s390x.rst b/docs/system/target-s390x.rst
> index 94c981e732..8938a13d10 100644
> --- a/docs/system/target-s390x.rst
> +++ b/docs/system/target-s390x.rst
> @@ -35,3 +35,4 @@ Architectural features
> s390x/bootdevices
> s390x/protvirt
> s390x/cpu-topology
> + s390x/secure-ipl
> diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
> index 25a9fa4955..b3c96ba35b 100644
> --- a/hw/s390x/s390-virtio-ccw.c
> +++ b/hw/s390x/s390-virtio-ccw.c
> @@ -44,6 +44,7 @@
> #include "target/s390x/kvm/pv.h"
> #include "migration/blocker.h"
> #include "qapi/visitor.h"
> +#include "qapi/qapi-visit-machine-s390x.h"
> #include "hw/s390x/cpu-topology.h"
> #include "kvm/kvm_s390x.h"
> #include "hw/virtio/virtio-md-pci.h"
> @@ -788,6 +789,30 @@ static void machine_set_loadparm(Object *obj, Visitor *v,
> g_free(val);
> }
>
> +static void machine_get_boot_certs(Object *obj, Visitor *v,
> + const char *name, void *opaque,
> + Error **errp)
> +{
> + S390CcwMachineState *ms = S390_CCW_MACHINE(obj);
> + BootCertificatesList **certs = &ms->boot_certs;
> +
> + visit_type_BootCertificatesList(v, name, certs, errp);
> +}
> +
> +static void machine_set_boot_certs(Object *obj, Visitor *v, const char *name,
> + void *opaque, Error **errp)
> +{
> + S390CcwMachineState *ms = S390_CCW_MACHINE(obj);
> + BootCertificatesList *cert_list = NULL;
> +
> + visit_type_BootCertificatesList(v, name, &cert_list, errp);
> + if (!cert_list) {
> + return;
> + }
> +
> + ms->boot_certs = cert_list;
> +}
> +
> /*
> * S390x-specific global compatibility properties.
> *
> @@ -856,6 +881,11 @@ static void ccw_machine_class_init(ObjectClass *oc, const void *data)
> "Up to 8 chars in set of [A-Za-z0-9. ] (lower case chars converted"
> " to upper case) to pass to machine loader, boot manager,"
> " and guest kernel");
> +
> + object_class_property_add(oc, "boot-certs", "BootCertificatesList",
> + machine_get_boot_certs, machine_set_boot_certs, NULL, NULL);
> + object_class_property_set_description(oc, "boot-certs",
> + "provide paths to a directory and/or a certificate file for secure boot");
> }
>
> static inline void s390_machine_initfn(Object *obj)
> diff --git a/include/hw/s390x/s390-virtio-ccw.h b/include/hw/s390x/s390-virtio-ccw.h
> index f1f06119d6..5ad1ea2f24 100644
> --- a/include/hw/s390x/s390-virtio-ccw.h
> +++ b/include/hw/s390x/s390-virtio-ccw.h
> @@ -14,6 +14,7 @@
> #include "hw/core/boards.h"
> #include "qom/object.h"
> #include "hw/s390x/sclp.h"
> +#include "qapi/qapi-types-machine-s390x.h"
>
> #define TYPE_S390_CCW_MACHINE "s390-ccw-machine"
>
> @@ -31,6 +32,7 @@ struct S390CcwMachineState {
> uint8_t loadparm[8];
> uint64_t memory_limit;
> uint64_t max_pagesize;
> + BootCertificatesList *boot_certs;
>
> SCLPDevice *sclp;
> };
> diff --git a/qapi/machine-s390x.json b/qapi/machine-s390x.json
> index ea430e1b88..bbe3646e91 100644
> --- a/qapi/machine-s390x.json
> +++ b/qapi/machine-s390x.json
> @@ -140,3 +140,26 @@
> { 'event': 'SCLP_CPI_INFO_AVAILABLE',
> 'features': [ 'unstable' ]
> }
> +
> +##
> +# @BootCertificates:
> +#
> +# Boot certificates for secure IPL.
> +#
> +# @path: path to an X.509 certificate file or a directory containing
> +# certificate files.
> +#
> +# Since: 11.1
> +##
> +{ 'struct': 'BootCertificates',
> + 'data': {'path': 'str'} }
> +
> +##
> +# @DummyBootCertificates:
> +#
> +# Not used by QMP; hack to let us use BootCertificatesList internally.
> +#
> +# Since: 11.1
> +##
> +{ 'struct': 'DummyBootCertificates',
> + 'data': {'unused-boot-certs': ['BootCertificates'] } }
> diff --git a/qapi/pragma.json b/qapi/pragma.json
> index 24aebbe8f5..342cedc42e 100644
> --- a/qapi/pragma.json
> +++ b/qapi/pragma.json
> @@ -49,6 +49,7 @@
> 'DisplayProtocol',
> 'DriveBackupWrapper',
> 'DummyBlockCoreForceArrays',
> + 'DummyBootCertificates',
> 'DummyForceArrays',
> 'DummyVirtioForceArrays',
> 'HotKeyMod',
> diff --git a/qemu-options.hx b/qemu-options.hx
> index e44b47de68..83915bd7ef 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -46,7 +46,8 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
> " memory-backend='backend-id' specifies explicitly provided backend for main RAM (default=none)\n"
> " cxl-fmw.0.targets.0=firsttarget,cxl-fmw.0.targets.1=secondtarget,cxl-fmw.0.size=size[,cxl-fmw.0.interleave-granularity=granularity]\n"
> " sgx-epc.0.memdev=memid,sgx-epc.0.node=numaid\n"
> - " smp-cache.0.cache=cachename,smp-cache.0.topology=topologylevel\n",
> + " smp-cache.0.cache=cachename,smp-cache.0.topology=topologylevel\n"
> + " boot-certs.0.path=/path/directory,boot-certs.1.path=/path/file provides paths to a directory and/or a certificate file\n",
> QEMU_ARCH_ALL)
> SRST
> ``-machine [type=]name[,prop=value[,...]]``
> @@ -214,6 +215,9 @@ SRST
> ::
>
> -machine smp-cache.0.cache=l1d,smp-cache.0.topology=core,smp-cache.1.cache=l1i,smp-cache.1.topology=core
> +
> + ``boot-certs.0.path=/path/directory,boot-certs.1.path=/path/file``
> + Provide paths to a directory and/or a certificate file on the host [s390x only].
> ERST
>
> DEF("M", HAS_ARG, QEMU_OPTION_M,
^ permalink raw reply [flat|nested] 71+ messages in thread* Re: [PATCH v12 01/35] Add boot-certs to s390-ccw-virtio machine type option
2026-07-01 23:30 ` Jared Rossi
@ 2026-07-02 0:47 ` Matthew Rosato
2026-07-02 17:12 ` Matthew Rosato
0 siblings, 1 reply; 71+ messages in thread
From: Matthew Rosato @ 2026-07-02 0:47 UTC (permalink / raw)
To: Jared Rossi, Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, iii, eblake, armbru, alifm, brueckner,
pierrick.bouvier, jdaley
On 7/1/26 7:30 PM, Jared Rossi wrote:
>
>
> On 7/1/26 4:48 PM, Zhuoying Cai wrote:
>> Introduce a new `boot-certs` machine type option for the s390-ccw-virtio
>> machine. This allows users to specify one or more certificate file paths
>> or directories to be used during secure boot.
> The new boot-certs option is able to handle complex certificate
> organization across multiple directories, but it seems to reject the
> most basic case of passing a single directory path.
>
> E.g. using: -machine s390-ccw-virtio,accel=kvm,boot-certs=/root/certs
>
> produces the error: "Invalid parameter type for 'boot-certs', expected:
> array"
>
> I understand that this can be fixed by expanding "boot-certs" to "boot-
> certs.0.path" however this does not seem intuitive to me. Is this the
> expected behavior by design?
smp-cache exhibits the same behavior e.g.
'smp-cache.cache=l1d,smp-cache.topology=cluster' does not work
'smp-cache.0.cache=l1d,smp-cache.0.topology=cluster' does
So I believe it is a common shortcoming. If you only want a single
certificate directory, it will be boot-certs.0.path.
The rationale for wanting to be able to specify multiple paths was
provided by Daniel here:
https://lore.kernel.org/qemu-devel/aMvE7Phd7sLvgj-J@redhat.com/
>
> Regards,
> Jared Rossi
>
>> Each entry is specified using the syntax:
>> boot-certs.<index>.path=/path/to/cert.pem
>>
>> Multiple paths can be specify using array properties:
Nit: s/specify/specified/
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PATCH v12 01/35] Add boot-certs to s390-ccw-virtio machine type option
2026-07-02 0:47 ` Matthew Rosato
@ 2026-07-02 17:12 ` Matthew Rosato
0 siblings, 0 replies; 71+ messages in thread
From: Matthew Rosato @ 2026-07-02 17:12 UTC (permalink / raw)
To: Jared Rossi, Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, iii, eblake, armbru, alifm, brueckner,
pierrick.bouvier, jdaley
On 7/1/26 8:47 PM, Matthew Rosato wrote:
> On 7/1/26 7:30 PM, Jared Rossi wrote:
>>
>>
>> On 7/1/26 4:48 PM, Zhuoying Cai wrote:
>>> Introduce a new `boot-certs` machine type option for the s390-ccw-virtio
>>> machine. This allows users to specify one or more certificate file paths
>>> or directories to be used during secure boot.
>> The new boot-certs option is able to handle complex certificate
>> organization across multiple directories, but it seems to reject the
>> most basic case of passing a single directory path.
>>
>> E.g. using: -machine s390-ccw-virtio,accel=kvm,boot-certs=/root/certs
>>
>> produces the error: "Invalid parameter type for 'boot-certs', expected:
>> array"
>>
>> I understand that this can be fixed by expanding "boot-certs" to "boot-
>> certs.0.path" however this does not seem intuitive to me. Is this the
>> expected behavior by design?
>
> smp-cache exhibits the same behavior e.g.
>
> 'smp-cache.cache=l1d,smp-cache.topology=cluster' does not work
>
> 'smp-cache.0.cache=l1d,smp-cache.0.topology=cluster' does
>
> So I believe it is a common shortcoming. If you only want a single
> certificate directory, it will be boot-certs.0.path.
>
> The rationale for wanting to be able to specify multiple paths was
> provided by Daniel here:
>
> https://lore.kernel.org/qemu-devel/aMvE7Phd7sLvgj-J@redhat.com/
>
>>
>> Regards,
>> Jared Rossi
>>
>>> Each entry is specified using the syntax:
>>> boot-certs.<index>.path=/path/to/cert.pem
>>>
>>> Multiple paths can be specify using array properties:
>
> Nit: s/specify/specified/
>
> Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
>
>
Hrm, actually... Shouldn't this be fenced for older machines?
qemu-system-s390x -machine s390-ccw-virtio-10.0,accel=kvm,boot-certs.0.path=/root/certs
Appears to accept the path (I did not try to actually boot),
which clearly would not work if I migrated this guest to an
older QEMU release that has the 10.0 machine but does not
include your code. There, you would see an error like:
qemu-system-s390x: Property 's390-ccw-virtio-10.0-machine.boot-certs' not found
You can use the compat machine properties to disable it for
older machine versions.
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 02/35] crypto/x509-utils: Refactor with GNUTLS fallback
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
2026-07-01 20:48 ` [PATCH v12 01/35] Add boot-certs to s390-ccw-virtio machine type option Zhuoying Cai
@ 2026-07-01 20:48 ` Zhuoying Cai
2026-07-01 20:48 ` [PATCH v12 03/35] crypto/x509-utils: Add helper functions for certificate store Zhuoying Cai
` (32 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:48 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Always compile x509-utils.c and add a fallback when GNUTLS is
unavailable.
These functions will be needed in the s390x code regardless of whether
GNUTLS is available.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
crypto/meson.build | 2 +-
crypto/x509-utils.c | 16 ++++++++++++++++
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/crypto/meson.build b/crypto/meson.build
index b51597a879..fda85543de 100644
--- a/crypto/meson.build
+++ b/crypto/meson.build
@@ -22,12 +22,12 @@ crypto_ss.add(files(
'tlscredsx509.c',
'tlssession.c',
'rsakey.c',
+ 'x509-utils.c',
))
if gnutls.found()
crypto_ss.add(files(
'tlscredsbox.c',
- 'x509-utils.c',
))
endif
diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c
index 39bb6d4d8c..6176a88653 100644
--- a/crypto/x509-utils.c
+++ b/crypto/x509-utils.c
@@ -11,6 +11,8 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "crypto/x509-utils.h"
+
+#ifdef CONFIG_GNUTLS
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#include <gnutls/x509.h>
@@ -78,3 +80,17 @@ int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
gnutls_x509_crt_deinit(crt);
return ret;
}
+
+#else /* ! CONFIG_GNUTLS */
+
+int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
+ QCryptoHashAlgo hash,
+ uint8_t *result,
+ size_t *resultlen,
+ Error **errp)
+{
+ error_setg(errp, "GNUTLS is required to get fingerprint");
+ return -1;
+}
+
+#endif /* ! CONFIG_GNUTLS */
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 03/35] crypto/x509-utils: Add helper functions for certificate store
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
2026-07-01 20:48 ` [PATCH v12 01/35] Add boot-certs to s390-ccw-virtio machine type option Zhuoying Cai
2026-07-01 20:48 ` [PATCH v12 02/35] crypto/x509-utils: Refactor with GNUTLS fallback Zhuoying Cai
@ 2026-07-01 20:48 ` Zhuoying Cai
2026-07-01 20:48 ` [PATCH v12 04/35] hw/s390x/ipl: Create " Zhuoying Cai
` (31 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:48 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Introduce new helper functions for x509 certificate, which will be used
by the certificate store:
qcrypto_x509_convert_cert_der() - converts a certificate from PEM to DER format
These functions provide support for certificate format conversion.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
crypto/x509-utils.c | 49 +++++++++++++++++++++++++++++++++++++
include/crypto/x509-utils.h | 21 ++++++++++++++++
2 files changed, 70 insertions(+)
diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c
index 6176a88653..68cf008938 100644
--- a/crypto/x509-utils.c
+++ b/crypto/x509-utils.c
@@ -81,6 +81,46 @@ int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
return ret;
}
+int qcrypto_x509_convert_cert_der(uint8_t *cert, size_t size,
+ uint8_t **result, size_t *resultlen,
+ Error **errp)
+{
+ int ret = -1;
+ int rc;
+ gnutls_x509_crt_t crt;
+ gnutls_datum_t datum = {.data = cert, .size = size};
+ gnutls_datum_t datum_der = {.data = NULL, .size = 0};
+
+ rc = gnutls_x509_crt_init(&crt);
+ if (rc < 0) {
+ error_setg(errp, "Failed to initialize certificate: %s", gnutls_strerror(rc));
+ return ret;
+ }
+
+ rc = gnutls_x509_crt_import(crt, &datum, GNUTLS_X509_FMT_PEM);
+ if (rc != 0) {
+ error_setg(errp, "Failed to import certificate: %s", gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ rc = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &datum_der);
+ if (rc != 0) {
+ error_setg(errp, "Failed to convert certificate to DER format: %s",
+ gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ *resultlen = datum_der.size;
+ *result = g_memdup2(datum_der.data, datum_der.size);
+
+ ret = 0;
+
+cleanup:
+ gnutls_x509_crt_deinit(crt);
+ g_free(datum_der.data);
+ return ret;
+}
+
#else /* ! CONFIG_GNUTLS */
int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
@@ -93,4 +133,13 @@ int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
return -1;
}
+int qcrypto_x509_convert_cert_der(uint8_t *cert, size_t size,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
+{
+ error_setg(errp, "GNUTLS is required to export X.509 certificate");
+ return -1;
+}
+
#endif /* ! CONFIG_GNUTLS */
diff --git a/include/crypto/x509-utils.h b/include/crypto/x509-utils.h
index 1e99661a71..91ae79fb03 100644
--- a/include/crypto/x509-utils.h
+++ b/include/crypto/x509-utils.h
@@ -19,4 +19,25 @@ int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
size_t *resultlen,
Error **errp);
+/**
+ * qcrypto_x509_convert_cert_der
+ * @cert: pointer to the raw certificate data in PEM format
+ * @size: size of the certificate
+ * @result: output location for the allocated buffer for the certificate
+ * in DER format
+ * (the function allocates memory which must be freed by the caller)
+ * @resultlen: pointer to the size of the buffer (will be updated with the
+ * actual size of the DER-encoded certificate)
+ * @errp: error pointer
+ *
+ * Convert the given @cert from PEM to DER format.
+ *
+ * Returns: 0 on success,
+ * -1 on error.
+ */
+int qcrypto_x509_convert_cert_der(uint8_t *cert, size_t size,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp);
+
#endif
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 04/35] hw/s390x/ipl: Create certificate store
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (2 preceding siblings ...)
2026-07-01 20:48 ` [PATCH v12 03/35] crypto/x509-utils: Add helper functions for certificate store Zhuoying Cai
@ 2026-07-01 20:48 ` Zhuoying Cai
2026-07-02 0:41 ` Jared Rossi
2026-07-01 20:48 ` [PATCH v12 05/35] s390x/diag: Introduce DIAG 320 for Certificate Store Facility Zhuoying Cai
` (30 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:48 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Create a certificate store for boot certificates used for secure IPL.
Load certificates from the `boot-certs` parameter of s390-ccw-virtio
machine type option into the cert store.
Currently, only X.509 certificates in PEM format are supported, as the
QEMU command line accepts certificates in PEM format only.
The raw Base64 data is stored, as well as the certificate's size. The
binary (DER) size is stored as well, which may later be utilized for
secure boot (signature verification).
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Farhan Ali<alifm@linux.ibm.com>
---
docs/specs/index.rst | 1 +
docs/specs/s390x-secure-ipl.rst | 20 +++
hw/s390x/cert-store.c | 228 ++++++++++++++++++++++++++++++++
hw/s390x/cert-store.h | 39 ++++++
hw/s390x/ipl.c | 10 ++
hw/s390x/ipl.h | 3 +
hw/s390x/meson.build | 1 +
include/hw/s390x/ipl/qipl.h | 2 +
8 files changed, 304 insertions(+)
create mode 100644 docs/specs/s390x-secure-ipl.rst
create mode 100644 hw/s390x/cert-store.c
create mode 100644 hw/s390x/cert-store.h
diff --git a/docs/specs/index.rst b/docs/specs/index.rst
index b7909a108a..76d439782c 100644
--- a/docs/specs/index.rst
+++ b/docs/specs/index.rst
@@ -40,3 +40,4 @@ guest hardware that is specific to QEMU.
riscv-aia
aspeed-intc
iommu-testdev
+ s390x-secure-ipl
diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
new file mode 100644
index 0000000000..d7c0d4eaac
--- /dev/null
+++ b/docs/specs/s390x-secure-ipl.rst
@@ -0,0 +1,20 @@
+.. SPDX-License-Identifier: GPL-2.0-or-later
+
+s390 Certificate Store and Functions
+------------------------------------
+
+s390 Certificate Store
+^^^^^^^^^^^^^^^^^^^^^^
+
+A certificate store is implemented for s390-ccw guests to retain within
+memory all certificates provided by the user via the command-line, which
+are expected to be stored somewhere on the host's file system. The store
+will keep track of the number of certificates, their respective size,
+and a summation of the sizes.
+
+Each certificate is stroed in an S390IPLCertificate struct, which has a
+name (converted to EBCDIC), size fields of PEM and DER data, and the raw
+PEM Base64 data.
+
+Note: A maximum of 64 certificates are allowed to be stored in the certificate
+store.
diff --git a/hw/s390x/cert-store.c b/hw/s390x/cert-store.c
new file mode 100644
index 0000000000..ab3abf414b
--- /dev/null
+++ b/hw/s390x/cert-store.c
@@ -0,0 +1,228 @@
+/*
+ * S390 certificate store implementation
+ *
+ * Copyright 2025 IBM Corp.
+ * Author(s): Zhuoying Cai <zycai@linux.ibm.com>
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "cert-store.h"
+#include "qapi/error.h"
+#include "qemu/error-report.h"
+#include "qemu/option.h"
+#include "qemu/config-file.h"
+#include "hw/s390x/ebcdic.h"
+#include "hw/s390x/s390-virtio-ccw.h"
+#include "qemu/cutils.h"
+#include "crypto/x509-utils.h"
+#include "qapi/qapi-types-machine-s390x.h"
+
+static BootCertificatesList *s390_get_boot_certs(void)
+{
+ return S390_CCW_MACHINE(qdev_get_machine())->boot_certs;
+}
+
+static S390IPLCertificate *init_cert(char *path, Error **errp)
+{
+ int rc;
+ size_t size;
+ size_t der_len;
+ char name[CERT_NAME_MAX_LEN];
+ g_autofree char *buf = NULL;
+ g_autofree gchar *filename = NULL;
+ S390IPLCertificate *cert = NULL;
+ g_autofree uint8_t *cert_der = NULL;
+ Error *local_err = NULL;
+
+ filename = g_path_get_basename(path);
+
+ if (!g_file_get_contents(path, &buf, &size, NULL)) {
+ error_setg(errp, "Failed to load certificate: %s", path);
+ return NULL;
+ }
+
+ rc = qcrypto_x509_convert_cert_der((uint8_t *)buf, size,
+ &cert_der, &der_len, &local_err);
+ if (rc != 0) {
+ error_propagate_prepend(errp, local_err,
+ "Failed to initialize certificate: %s: ", path);
+ return NULL;
+ }
+
+ cert = g_new0(S390IPLCertificate, 1);
+ cert->size = size;
+ /*
+ * Store DER length only - reused for size calculation.
+ * cert_der is discarded because DER certificate data will be used once
+ * and can be regenerated from cert->raw.
+ */
+ cert->der_size = der_len;
+ /* store raw pointer - ownership transfers to cert */
+ cert->raw = (uint8_t *)g_steal_pointer(&buf);
+
+ /*
+ * Left justified certificate name with padding on the right with blanks.
+ * Convert certificate name to EBCDIC.
+ */
+ strpadcpy(name, CERT_NAME_MAX_LEN, filename, ' ');
+ ebcdic_put(cert->name, name, CERT_NAME_MAX_LEN);
+
+ return cert;
+}
+
+static int update_cert_store(S390IPLCertificateStore *cert_store,
+ S390IPLCertificate *cert)
+{
+ size_t data_buf_size;
+ size_t keyid_buf_size;
+ size_t hash_buf_size;
+ size_t cert_buf_size;
+
+ /* length field is word aligned for later DIAG use */
+ keyid_buf_size = ROUND_UP(CERT_KEY_ID_LEN, 4);
+ hash_buf_size = ROUND_UP(CERT_HASH_LEN, 4);
+ cert_buf_size = ROUND_UP(cert->der_size, 4);
+ data_buf_size = keyid_buf_size + hash_buf_size + cert_buf_size;
+
+ if (cert_store->largest_cert_size < data_buf_size) {
+ cert_store->largest_cert_size = data_buf_size;
+ }
+
+ if (cert_store->count >= MAX_CERTIFICATES) {
+ error_report("Cert store is full");
+ return -1;
+ }
+
+ cert_store->certs[cert_store->count] = *cert;
+ cert_store->total_bytes += data_buf_size;
+ cert_store->count++;
+
+ return 0;
+}
+
+static GPtrArray *get_cert_paths(Error **errp)
+{
+ struct stat st;
+ BootCertificatesList *path_list = NULL;
+ BootCertificatesList *list = NULL;
+ gchar *cert_path;
+ GDir *dir = NULL;
+ const gchar *filename;
+ bool is_empty;
+ g_autoptr(GError) err = NULL;
+ g_autoptr(GPtrArray) cert_path_builder = g_ptr_array_new_full(0, g_free);
+
+ path_list = s390_get_boot_certs();
+
+ for (list = path_list; list; list = list->next) {
+ cert_path = list->value->path;
+
+ if (g_strcmp0(cert_path, "") == 0) {
+ error_setg(errp, "Empty path in certificate path list is not allowed");
+ goto fail;
+ }
+
+ if (stat(cert_path, &st) != 0) {
+ error_setg(errp, "Failed to stat path '%s': %s",
+ cert_path, g_strerror(errno));
+ goto fail;
+ }
+
+ if (S_ISREG(st.st_mode)) {
+ if (!g_str_has_suffix(cert_path, ".pem")) {
+ error_setg(errp, "Certificate file '%s' must have a .pem extension",
+ cert_path);
+ goto fail;
+ }
+
+ g_ptr_array_add(cert_path_builder, g_strdup(cert_path));
+ } else if (S_ISDIR(st.st_mode)) {
+ dir = g_dir_open(cert_path, 0, &err);
+ if (dir == NULL) {
+ error_setg(errp, "Failed to open directory '%s': %s",
+ cert_path, err->message);
+
+ goto fail;
+ }
+
+ is_empty = true;
+ while ((filename = g_dir_read_name(dir))) {
+ is_empty = false;
+
+ if (g_str_has_suffix(filename, ".pem")) {
+ g_ptr_array_add(cert_path_builder,
+ g_build_filename(cert_path, filename, NULL));
+ } else {
+ warn_report("skipping '%s': not a .pem file", filename);
+ }
+ }
+
+ if (is_empty) {
+ warn_report("'%s' directory is empty", cert_path);
+ }
+
+ g_dir_close(dir);
+ } else {
+ error_setg(errp, "Path '%s' is neither a file nor a directory", cert_path);
+ goto fail;
+ }
+ }
+
+ qapi_free_BootCertificatesList(path_list);
+ return g_steal_pointer(&cert_path_builder);
+
+fail:
+ qapi_free_BootCertificatesList(path_list);
+ return NULL;
+}
+
+void s390_ipl_create_cert_store(S390IPLCertificateStore *cert_store)
+{
+ GPtrArray *cert_path_builder;
+ Error *err = NULL;
+
+ /* If cert store is already populated, then no work to do */
+ if (cert_store->count) {
+ return;
+ }
+
+ cert_path_builder = get_cert_paths(&err);
+ if (cert_path_builder == NULL) {
+ error_report_err(err);
+ exit(1);
+ }
+
+ if (cert_path_builder->len == 0) {
+ g_ptr_array_free(cert_path_builder, TRUE);
+ return;
+ }
+
+ if (cert_path_builder->len > MAX_CERTIFICATES) {
+ error_report("Cert store exceeds maximum of %d certificates", MAX_CERTIFICATES);
+ g_ptr_array_free(cert_path_builder, TRUE);
+ exit(1);
+ }
+
+ cert_store->largest_cert_size = 0;
+ cert_store->total_bytes = 0;
+
+ for (int i = 0; i < cert_path_builder->len; i++) {
+ g_autofree S390IPLCertificate *cert =
+ init_cert((char *) cert_path_builder->pdata[i],
+ &err);
+ if (!cert) {
+ error_report_err(err);
+ g_ptr_array_free(cert_path_builder, TRUE);
+ exit(1);
+ }
+
+ if (update_cert_store(cert_store, cert)) {
+ g_ptr_array_free(cert_path_builder, TRUE);
+ exit(1);
+ }
+ }
+
+ g_ptr_array_free(cert_path_builder, TRUE);
+}
diff --git a/hw/s390x/cert-store.h b/hw/s390x/cert-store.h
new file mode 100644
index 0000000000..7fc9503cb9
--- /dev/null
+++ b/hw/s390x/cert-store.h
@@ -0,0 +1,39 @@
+/*
+ * S390 certificate store
+ *
+ * Copyright 2025 IBM Corp.
+ * Author(s): Zhuoying Cai <zycai@linux.ibm.com>
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef HW_S390_CERT_STORE_H
+#define HW_S390_CERT_STORE_H
+
+#include "hw/s390x/ipl/qipl.h"
+#include "crypto/x509-utils.h"
+
+#define CERT_NAME_MAX_LEN 64
+
+#define CERT_KEY_ID_LEN QCRYPTO_HASH_DIGEST_LEN_SHA256
+#define CERT_HASH_LEN QCRYPTO_HASH_DIGEST_LEN_SHA256
+
+struct S390IPLCertificate {
+ uint8_t name[CERT_NAME_MAX_LEN];
+ size_t size;
+ size_t der_size;
+ uint8_t *raw;
+};
+typedef struct S390IPLCertificate S390IPLCertificate;
+
+struct S390IPLCertificateStore {
+ uint16_t count;
+ size_t largest_cert_size;
+ size_t total_bytes;
+ S390IPLCertificate certs[MAX_CERTIFICATES];
+};
+typedef struct S390IPLCertificateStore S390IPLCertificateStore;
+
+void s390_ipl_create_cert_store(S390IPLCertificateStore *cert_store);
+
+#endif
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index 4cca21c621..09c24203c7 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -38,6 +38,7 @@
#include "qemu/option.h"
#include "qemu/ctype.h"
#include "standard-headers/linux/virtio_ids.h"
+#include "cert-store.h"
#define KERN_IMAGE_START 0x010000UL
#define LINUX_MAGIC_ADDR 0x010008UL
@@ -453,6 +454,13 @@ void s390_ipl_convert_loadparm(char *ascii_lp, uint8_t *ebcdic_lp)
}
}
+S390IPLCertificateStore *s390_ipl_get_certificate_store(void)
+{
+ S390IPLState *ipl = get_ipl_device();
+
+ return &ipl->cert_store;
+}
+
static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
{
CcwDevice *ccw_dev = NULL;
@@ -767,6 +775,8 @@ void s390_ipl_prepare_cpu(S390CPU *cpu)
cpu->env.psw.addr = ipl->start_addr;
cpu->env.psw.mask = IPL_PSW_MASK;
+ s390_ipl_create_cert_store(&ipl->cert_store);
+
if (!ipl->kernel || ipl->iplb_valid) {
cpu->env.psw.addr = ipl->bios_start_addr;
if (!ipl->iplb_valid) {
diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
index fac30763df..f5a49a4431 100644
--- a/hw/s390x/ipl.h
+++ b/hw/s390x/ipl.h
@@ -13,6 +13,7 @@
#ifndef HW_S390_IPL_H
#define HW_S390_IPL_H
+#include "cert-store.h"
#include "target/s390x/cpu.h"
#include "exec/target_page.h"
#include "system/address-spaces.h"
@@ -35,6 +36,7 @@ int s390_ipl_pv_unpack(struct S390PVResponse *pv_resp);
void s390_ipl_prepare_cpu(S390CPU *cpu);
IplParameterBlock *s390_ipl_get_iplb(void);
IplParameterBlock *s390_ipl_get_iplb_pv(void);
+S390IPLCertificateStore *s390_ipl_get_certificate_store(void);
enum s390_reset {
/* default is a reset not triggered by a CPU e.g. issued by QMP */
@@ -63,6 +65,7 @@ struct S390IPLState {
IplParameterBlock iplb;
IplParameterBlock iplb_pv;
QemuIplParameters qipl;
+ S390IPLCertificateStore cert_store;
uint64_t start_addr;
uint64_t compat_start_addr;
uint64_t bios_start_addr;
diff --git a/hw/s390x/meson.build b/hw/s390x/meson.build
index 57cc2a6be3..6b39ad012f 100644
--- a/hw/s390x/meson.build
+++ b/hw/s390x/meson.build
@@ -17,6 +17,7 @@ s390x_ss.add(files(
'sclpcpu.c',
'sclpquiesce.c',
'tod.c',
+ 'cert-store.c',
))
s390x_ss.add(when: 'CONFIG_KVM', if_true: files(
'tod-kvm.c',
diff --git a/include/hw/s390x/ipl/qipl.h b/include/hw/s390x/ipl/qipl.h
index 8d3c83a80b..ed1a91182a 100644
--- a/include/hw/s390x/ipl/qipl.h
+++ b/include/hw/s390x/ipl/qipl.h
@@ -31,6 +31,8 @@ typedef enum S390IplType S390IplType;
#define QEMU_DEFAULT_IPL S390_IPL_TYPE_CCW
+#define MAX_CERTIFICATES 64
+
/*
* The QEMU IPL Parameters will be stored at absolute address
* 204 (0xcc) which means it is 32-bit word aligned but not
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 04/35] hw/s390x/ipl: Create certificate store
2026-07-01 20:48 ` [PATCH v12 04/35] hw/s390x/ipl: Create " Zhuoying Cai
@ 2026-07-02 0:41 ` Jared Rossi
0 siblings, 0 replies; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 0:41 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:48 PM, Zhuoying Cai wrote:
> Create a certificate store for boot certificates used for secure IPL.
>
> Load certificates from the `boot-certs` parameter of s390-ccw-virtio
> machine type option into the cert store.
>
> Currently, only X.509 certificates in PEM format are supported, as the
> QEMU command line accepts certificates in PEM format only.
>
> The raw Base64 data is stored, as well as the certificate's size. The
> binary (DER) size is stored as well, which may later be utilized for
> secure boot (signature verification).
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> Reviewed-by: Farhan Ali<alifm@linux.ibm.com>
> ---
> docs/specs/index.rst | 1 +
> docs/specs/s390x-secure-ipl.rst | 20 +++
> hw/s390x/cert-store.c | 228 ++++++++++++++++++++++++++++++++
> hw/s390x/cert-store.h | 39 ++++++
> hw/s390x/ipl.c | 10 ++
> hw/s390x/ipl.h | 3 +
> hw/s390x/meson.build | 1 +
> include/hw/s390x/ipl/qipl.h | 2 +
> 8 files changed, 304 insertions(+)
> create mode 100644 docs/specs/s390x-secure-ipl.rst
> create mode 100644 hw/s390x/cert-store.c
> create mode 100644 hw/s390x/cert-store.h
>
> diff --git a/docs/specs/index.rst b/docs/specs/index.rst
> index b7909a108a..76d439782c 100644
> --- a/docs/specs/index.rst
> +++ b/docs/specs/index.rst
> @@ -40,3 +40,4 @@ guest hardware that is specific to QEMU.
> riscv-aia
> aspeed-intc
> iommu-testdev
> + s390x-secure-ipl
> diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
> new file mode 100644
> index 0000000000..d7c0d4eaac
> --- /dev/null
> +++ b/docs/specs/s390x-secure-ipl.rst
> @@ -0,0 +1,20 @@
> +.. SPDX-License-Identifier: GPL-2.0-or-later
> +
> +s390 Certificate Store and Functions
> +------------------------------------
> +
> +s390 Certificate Store
> +^^^^^^^^^^^^^^^^^^^^^^
> +
> +A certificate store is implemented for s390-ccw guests to retain within
> +memory all certificates provided by the user via the command-line, which
> +are expected to be stored somewhere on the host's file system. The store
> +will keep track of the number of certificates, their respective size,
> +and a summation of the sizes.
> +
> +Each certificate is stroed in an S390IPLCertificate struct, which has a
> +name (converted to EBCDIC), size fields of PEM and DER data, and the raw
> +PEM Base64 data.
> +
> +Note: A maximum of 64 certificates are allowed to be stored in the certificate
> +store.
> diff --git a/hw/s390x/cert-store.c b/hw/s390x/cert-store.c
> new file mode 100644
> index 0000000000..ab3abf414b
> --- /dev/null
> +++ b/hw/s390x/cert-store.c
> @@ -0,0 +1,228 @@
> +/*
> + * S390 certificate store implementation
> + *
> + * Copyright 2025 IBM Corp.
> + * Author(s): Zhuoying Cai <zycai@linux.ibm.com>
> + *
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + */
> +
> +#include "qemu/osdep.h"
> +#include "cert-store.h"
> +#include "qapi/error.h"
> +#include "qemu/error-report.h"
> +#include "qemu/option.h"
> +#include "qemu/config-file.h"
> +#include "hw/s390x/ebcdic.h"
> +#include "hw/s390x/s390-virtio-ccw.h"
> +#include "qemu/cutils.h"
> +#include "crypto/x509-utils.h"
> +#include "qapi/qapi-types-machine-s390x.h"
> +
> +static BootCertificatesList *s390_get_boot_certs(void)
> +{
> + return S390_CCW_MACHINE(qdev_get_machine())->boot_certs;
> +}
> +
> +static S390IPLCertificate *init_cert(char *path, Error **errp)
> +{
> + int rc;
> + size_t size;
> + size_t der_len;
> + char name[CERT_NAME_MAX_LEN];
> + g_autofree char *buf = NULL;
> + g_autofree gchar *filename = NULL;
> + S390IPLCertificate *cert = NULL;
> + g_autofree uint8_t *cert_der = NULL;
> + Error *local_err = NULL;
> +
> + filename = g_path_get_basename(path);
> +
> + if (!g_file_get_contents(path, &buf, &size, NULL)) {
> + error_setg(errp, "Failed to load certificate: %s", path);
> + return NULL;
> + }
> +
> + rc = qcrypto_x509_convert_cert_der((uint8_t *)buf, size,
> + &cert_der, &der_len, &local_err);
> + if (rc != 0) {
> + error_propagate_prepend(errp, local_err,
> + "Failed to initialize certificate: %s: ", path);
> + return NULL;
> + }
> +
> + cert = g_new0(S390IPLCertificate, 1);
> + cert->size = size;
> + /*
> + * Store DER length only - reused for size calculation.
> + * cert_der is discarded because DER certificate data will be used once
> + * and can be regenerated from cert->raw.
> + */
> + cert->der_size = der_len;
> + /* store raw pointer - ownership transfers to cert */
> + cert->raw = (uint8_t *)g_steal_pointer(&buf);
> +
> + /*
> + * Left justified certificate name with padding on the right with blanks.
> + * Convert certificate name to EBCDIC.
> + */
> + strpadcpy(name, CERT_NAME_MAX_LEN, filename, ' ');
> + ebcdic_put(cert->name, name, CERT_NAME_MAX_LEN);
> +
> + return cert;
> +}
> +
> +static int update_cert_store(S390IPLCertificateStore *cert_store,
> + S390IPLCertificate *cert)
> +{
> + size_t data_buf_size;
> + size_t keyid_buf_size;
> + size_t hash_buf_size;
> + size_t cert_buf_size;
> +
> + /* length field is word aligned for later DIAG use */
> + keyid_buf_size = ROUND_UP(CERT_KEY_ID_LEN, 4);
> + hash_buf_size = ROUND_UP(CERT_HASH_LEN, 4);
> + cert_buf_size = ROUND_UP(cert->der_size, 4);
> + data_buf_size = keyid_buf_size + hash_buf_size + cert_buf_size;
> +
> + if (cert_store->largest_cert_size < data_buf_size) {
> + cert_store->largest_cert_size = data_buf_size;
> + }
> +
> + if (cert_store->count >= MAX_CERTIFICATES) {
> + error_report("Cert store is full");
> + return -1;
> + }
> +
> + cert_store->certs[cert_store->count] = *cert;
> + cert_store->total_bytes += data_buf_size;
> + cert_store->count++;
> +
> + return 0;
> +}
> +
> +static GPtrArray *get_cert_paths(Error **errp)
> +{
> + struct stat st;
> + BootCertificatesList *path_list = NULL;
> + BootCertificatesList *list = NULL;
> + gchar *cert_path;
> + GDir *dir = NULL;
> + const gchar *filename;
> + bool is_empty;
> + g_autoptr(GError) err = NULL;
> + g_autoptr(GPtrArray) cert_path_builder = g_ptr_array_new_full(0, g_free);
> +
> + path_list = s390_get_boot_certs();
> +
> + for (list = path_list; list; list = list->next) {
> + cert_path = list->value->path;
> +
> + if (g_strcmp0(cert_path, "") == 0) {
> + error_setg(errp, "Empty path in certificate path list is not allowed");
> + goto fail;
> + }
> +
> + if (stat(cert_path, &st) != 0) {
> + error_setg(errp, "Failed to stat path '%s': %s",
> + cert_path, g_strerror(errno));
> + goto fail;
> + }
> +
> + if (S_ISREG(st.st_mode)) {
> + if (!g_str_has_suffix(cert_path, ".pem")) {
> + error_setg(errp, "Certificate file '%s' must have a .pem extension",
> + cert_path);
> + goto fail;
> + }
> +
> + g_ptr_array_add(cert_path_builder, g_strdup(cert_path));
> + } else if (S_ISDIR(st.st_mode)) {
> + dir = g_dir_open(cert_path, 0, &err);
> + if (dir == NULL) {
> + error_setg(errp, "Failed to open directory '%s': %s",
> + cert_path, err->message);
> +
> + goto fail;
> + }
> +
> + is_empty = true;
> + while ((filename = g_dir_read_name(dir))) {
> + is_empty = false;
> +
> + if (g_str_has_suffix(filename, ".pem")) {
> + g_ptr_array_add(cert_path_builder,
> + g_build_filename(cert_path, filename, NULL));
> + } else {
> + warn_report("skipping '%s': not a .pem file", filename);
> + }
> + }
> +
> + if (is_empty) {
> + warn_report("'%s' directory is empty", cert_path);
> + }
> +
> + g_dir_close(dir);
> + } else {
> + error_setg(errp, "Path '%s' is neither a file nor a directory", cert_path);
> + goto fail;
> + }
> + }
> +
> + qapi_free_BootCertificatesList(path_list);
> + return g_steal_pointer(&cert_path_builder);
> +
> +fail:
> + qapi_free_BootCertificatesList(path_list);
> + return NULL;
> +}
> +
> +void s390_ipl_create_cert_store(S390IPLCertificateStore *cert_store)
> +{
> + GPtrArray *cert_path_builder;
> + Error *err = NULL;
> +
> + /* If cert store is already populated, then no work to do */
> + if (cert_store->count) {
> + return;
> + }
> +
> + cert_path_builder = get_cert_paths(&err);
> + if (cert_path_builder == NULL) {
> + error_report_err(err);
> + exit(1);
> + }
> +
> + if (cert_path_builder->len == 0) {
> + g_ptr_array_free(cert_path_builder, TRUE);
> + return;
> + }
> +
> + if (cert_path_builder->len > MAX_CERTIFICATES) {
> + error_report("Cert store exceeds maximum of %d certificates", MAX_CERTIFICATES);
> + g_ptr_array_free(cert_path_builder, TRUE);
> + exit(1);
> + }
> +
> + cert_store->largest_cert_size = 0;
> + cert_store->total_bytes = 0;
> +
> + for (int i = 0; i < cert_path_builder->len; i++) {
> + g_autofree S390IPLCertificate *cert =
> + init_cert((char *) cert_path_builder->pdata[i],
> + &err);
> + if (!cert) {
> + error_report_err(err);
> + g_ptr_array_free(cert_path_builder, TRUE);
> + exit(1);
> + }
> +
> + if (update_cert_store(cert_store, cert)) {
> + g_ptr_array_free(cert_path_builder, TRUE);
> + exit(1);
> + }
> + }
I don't think that it will actually cause a problem in the current
implementation, but it looks like if there is an error when the cert
store is partially populated, there is no cleanup at all. We
immediately exit, so in practice this shouldn't be an issue, but it
reminds me of unconditional exits I had to refactor in the s390x BIOS.
The unconditional exits on error were fine when we only allowed one boot
device, but once we wanted to support multiple devices, it became
problematic because everything was just left in a broken state.
So not exactly a bug, but from a maintainability perspective, it would
be better if we could deconstruct the cert store before exiting. If the
code were to change in the future to return an error instead of
immediately exit, then I think this would cause non-obvious problems by
leaving the cert store in a mixed state. If it's not too much extra work
please add some sort of cleanup of the cert store.
> +
> + g_ptr_array_free(cert_path_builder, TRUE);
> +}
> diff --git a/hw/s390x/cert-store.h b/hw/s390x/cert-store.h
> new file mode 100644
> index 0000000000..7fc9503cb9
> --- /dev/null
> +++ b/hw/s390x/cert-store.h
> @@ -0,0 +1,39 @@
> +/*
> + * S390 certificate store
> + *
> + * Copyright 2025 IBM Corp.
> + * Author(s): Zhuoying Cai <zycai@linux.ibm.com>
> + *
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + */
> +
> +#ifndef HW_S390_CERT_STORE_H
> +#define HW_S390_CERT_STORE_H
> +
> +#include "hw/s390x/ipl/qipl.h"
> +#include "crypto/x509-utils.h"
> +
> +#define CERT_NAME_MAX_LEN 64
> +
> +#define CERT_KEY_ID_LEN QCRYPTO_HASH_DIGEST_LEN_SHA256
> +#define CERT_HASH_LEN QCRYPTO_HASH_DIGEST_LEN_SHA256
> +
> +struct S390IPLCertificate {
> + uint8_t name[CERT_NAME_MAX_LEN];
> + size_t size;
> + size_t der_size;
> + uint8_t *raw;
> +};
> +typedef struct S390IPLCertificate S390IPLCertificate;
> +
> +struct S390IPLCertificateStore {
> + uint16_t count;
> + size_t largest_cert_size;
> + size_t total_bytes;
> + S390IPLCertificate certs[MAX_CERTIFICATES];
> +};
> +typedef struct S390IPLCertificateStore S390IPLCertificateStore;
> +
> +void s390_ipl_create_cert_store(S390IPLCertificateStore *cert_store);
> +
> +#endif
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index 4cca21c621..09c24203c7 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -38,6 +38,7 @@
> #include "qemu/option.h"
> #include "qemu/ctype.h"
> #include "standard-headers/linux/virtio_ids.h"
> +#include "cert-store.h"
>
> #define KERN_IMAGE_START 0x010000UL
> #define LINUX_MAGIC_ADDR 0x010008UL
> @@ -453,6 +454,13 @@ void s390_ipl_convert_loadparm(char *ascii_lp, uint8_t *ebcdic_lp)
> }
> }
>
> +S390IPLCertificateStore *s390_ipl_get_certificate_store(void)
> +{
> + S390IPLState *ipl = get_ipl_device();
> +
> + return &ipl->cert_store;
> +}
> +
> static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
> {
> CcwDevice *ccw_dev = NULL;
> @@ -767,6 +775,8 @@ void s390_ipl_prepare_cpu(S390CPU *cpu)
> cpu->env.psw.addr = ipl->start_addr;
> cpu->env.psw.mask = IPL_PSW_MASK;
>
> + s390_ipl_create_cert_store(&ipl->cert_store);
> +
> if (!ipl->kernel || ipl->iplb_valid) {
> cpu->env.psw.addr = ipl->bios_start_addr;
> if (!ipl->iplb_valid) {
> diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
> index fac30763df..f5a49a4431 100644
> --- a/hw/s390x/ipl.h
> +++ b/hw/s390x/ipl.h
> @@ -13,6 +13,7 @@
> #ifndef HW_S390_IPL_H
> #define HW_S390_IPL_H
>
> +#include "cert-store.h"
> #include "target/s390x/cpu.h"
> #include "exec/target_page.h"
> #include "system/address-spaces.h"
> @@ -35,6 +36,7 @@ int s390_ipl_pv_unpack(struct S390PVResponse *pv_resp);
> void s390_ipl_prepare_cpu(S390CPU *cpu);
> IplParameterBlock *s390_ipl_get_iplb(void);
> IplParameterBlock *s390_ipl_get_iplb_pv(void);
> +S390IPLCertificateStore *s390_ipl_get_certificate_store(void);
>
> enum s390_reset {
> /* default is a reset not triggered by a CPU e.g. issued by QMP */
> @@ -63,6 +65,7 @@ struct S390IPLState {
> IplParameterBlock iplb;
> IplParameterBlock iplb_pv;
> QemuIplParameters qipl;
> + S390IPLCertificateStore cert_store;
> uint64_t start_addr;
> uint64_t compat_start_addr;
> uint64_t bios_start_addr;
> diff --git a/hw/s390x/meson.build b/hw/s390x/meson.build
> index 57cc2a6be3..6b39ad012f 100644
> --- a/hw/s390x/meson.build
> +++ b/hw/s390x/meson.build
> @@ -17,6 +17,7 @@ s390x_ss.add(files(
> 'sclpcpu.c',
> 'sclpquiesce.c',
> 'tod.c',
> + 'cert-store.c',
> ))
> s390x_ss.add(when: 'CONFIG_KVM', if_true: files(
> 'tod-kvm.c',
> diff --git a/include/hw/s390x/ipl/qipl.h b/include/hw/s390x/ipl/qipl.h
> index 8d3c83a80b..ed1a91182a 100644
> --- a/include/hw/s390x/ipl/qipl.h
> +++ b/include/hw/s390x/ipl/qipl.h
> @@ -31,6 +31,8 @@ typedef enum S390IplType S390IplType;
>
> #define QEMU_DEFAULT_IPL S390_IPL_TYPE_CCW
>
> +#define MAX_CERTIFICATES 64
> +
> /*
> * The QEMU IPL Parameters will be stored at absolute address
> * 204 (0xcc) which means it is 32-bit word aligned but not
Other than adding cleanup it looks good to me.
Regards,
Jared Rossi
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 05/35] s390x/diag: Introduce DIAG 320 for Certificate Store Facility
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (3 preceding siblings ...)
2026-07-01 20:48 ` [PATCH v12 04/35] hw/s390x/ipl: Create " Zhuoying Cai
@ 2026-07-01 20:48 ` Zhuoying Cai
2026-07-01 20:48 ` [PATCH v12 06/35] s390x/diag: Refactor address validation check from diag308_parm_check Zhuoying Cai
` (29 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:48 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
DIAGNOSE 320 is introduced to support Certificate Store (CS)
Facility, which includes operations such as query certificate
storage information and provide certificates in the certificate
store.
Currently, only subcode 0 is supported with this patch, which is
used to query the Installed Subcodes Mask (ISM).
This subcode is only supported when the CS facility is enabled.
Availability of CS facility is determined by byte 134 bit 5 of the
SCLP Read Info block. Byte 134's facilities cannot be represented
without the availability of the extended-length-SCCB, so add it as
a check for consistency.
Note: secure IPL is not available for Secure Execution (SE) guests,
as their images are already integrity protected, and an additional
protection of the kernel by secure IPL is not necessary.
This feature is available starting with the gen16 CPU model.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
docs/specs/s390x-secure-ipl.rst | 12 +++++++++
include/hw/s390x/ipl/diag320.h | 20 ++++++++++++++
target/s390x/cpu_features.c | 1 +
target/s390x/cpu_features_def.h.inc | 1 +
target/s390x/cpu_models.c | 2 ++
target/s390x/diag.c | 42 +++++++++++++++++++++++++++++
target/s390x/gen-features.c | 3 +++
target/s390x/kvm/kvm.c | 16 +++++++++++
target/s390x/s390x-internal.h | 2 ++
target/s390x/tcg/misc_helper.c | 7 +++++
10 files changed, 106 insertions(+)
create mode 100644 include/hw/s390x/ipl/diag320.h
diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
index d7c0d4eaac..331d793008 100644
--- a/docs/specs/s390x-secure-ipl.rst
+++ b/docs/specs/s390x-secure-ipl.rst
@@ -18,3 +18,15 @@ PEM Base64 data.
Note: A maximum of 64 certificates are allowed to be stored in the certificate
store.
+
+DIAGNOSE function code 'X'320' - Certificate Store Facility
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+DIAGNOSE 'X'320' is used to provide support for guest code to directly
+query the s390 certificate store. Guest code may be the s390-ccw BIOS or
+the guest kernel.
+
+Subcode 0 - query installed subcodes
+ Returns a 256-bit installed subcodes mask (ISM) stored in the installed
+ subcodes block (ISB). This mask indicates which subcodes are currently
+ installed and available for use.
diff --git a/include/hw/s390x/ipl/diag320.h b/include/hw/s390x/ipl/diag320.h
new file mode 100644
index 0000000000..aa04b699c6
--- /dev/null
+++ b/include/hw/s390x/ipl/diag320.h
@@ -0,0 +1,20 @@
+/*
+ * S/390 DIAGNOSE 320 definitions and structures
+ *
+ * Copyright 2025 IBM Corp.
+ * Author(s): Zhuoying Cai <zycai@linux.ibm.com>
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef S390X_DIAG320_H
+#define S390X_DIAG320_H
+
+#define DIAG_320_SUBC_QUERY_ISM 0
+
+#define DIAG_320_RC_OK 0x0001
+#define DIAG_320_RC_NOT_SUPPORTED 0x0102
+
+#define DIAG_320_ISM_QUERY_SUBCODES 0x80000000
+
+#endif
diff --git a/target/s390x/cpu_features.c b/target/s390x/cpu_features.c
index 4b5be6798e..436471f4b4 100644
--- a/target/s390x/cpu_features.c
+++ b/target/s390x/cpu_features.c
@@ -147,6 +147,7 @@ void s390_fill_feat_block(const S390FeatBitmap features, S390FeatType type,
break;
case S390_FEAT_TYPE_SCLP_FAC134:
clear_be_bit(s390_feat_def(S390_FEAT_DIAG_318)->bit, data);
+ clear_be_bit(s390_feat_def(S390_FEAT_CERT_STORE)->bit, data);
break;
default:
return;
diff --git a/target/s390x/cpu_features_def.h.inc b/target/s390x/cpu_features_def.h.inc
index c017bffcdc..2976ecd0ee 100644
--- a/target/s390x/cpu_features_def.h.inc
+++ b/target/s390x/cpu_features_def.h.inc
@@ -138,6 +138,7 @@ DEF_FEAT(SIE_IBS, "ibs", SCLP_CONF_CHAR_EXT, 10, "SIE: Interlock-and-broadcast-s
/* Features exposed via SCLP SCCB Facilities byte 134 (bit numbers relative to byte-134) */
DEF_FEAT(DIAG_318, "diag318", SCLP_FAC134, 0, "Control program name and version codes")
+DEF_FEAT(CERT_STORE, "cstore", SCLP_FAC134, 5, "Certificate Store functions")
/* Features exposed via SCLP CPU info. */
DEF_FEAT(SIE_F2, "sief2", SCLP_CPU, 4, "SIE: interception format 2 (Virtual SIE)")
diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index 0b88868289..962f135f42 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -248,6 +248,7 @@ bool s390_has_feat(S390Feat feat)
if (s390_is_pv()) {
switch (feat) {
case S390_FEAT_DIAG_318:
+ case S390_FEAT_CERT_STORE:
case S390_FEAT_HPMA2:
case S390_FEAT_SIE_F2:
case S390_FEAT_SIE_SKEY:
@@ -505,6 +506,7 @@ static void check_consistency(const S390CPUModel *model)
{ S390_FEAT_PTFF_STOUE, S390_FEAT_MULTIPLE_EPOCH },
{ S390_FEAT_AP_QUEUE_INTERRUPT_CONTROL, S390_FEAT_AP },
{ S390_FEAT_DIAG_318, S390_FEAT_EXTENDED_LENGTH_SCCB },
+ { S390_FEAT_CERT_STORE, S390_FEAT_EXTENDED_LENGTH_SCCB },
{ S390_FEAT_NNPA, S390_FEAT_VECTOR },
{ S390_FEAT_RDP, S390_FEAT_LOCAL_TLB_CLEARING },
{ S390_FEAT_UV_FEAT_AP, S390_FEAT_AP },
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 80f0958478..9131e8b1c9 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -18,6 +18,7 @@
#include "hw/watchdog/wdt_diag288.h"
#include "system/cpus.h"
#include "hw/s390x/ipl.h"
+#include "hw/s390x/ipl/diag320.h"
#include "hw/s390x/s390-virtio-ccw.h"
#include "system/kvm.h"
#include "kvm/kvm_s390x.h"
@@ -199,3 +200,44 @@ out:
return false;
}
}
+
+void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
+{
+ S390CPU *cpu = env_archcpu(env);
+ uint64_t subcode = env->regs[r3];
+ uint64_t addr = env->regs[r1];
+
+ if (env->psw.mask & PSW_MASK_PSTATE) {
+ s390_program_interrupt(env, PGM_PRIVILEGED, ra);
+ return;
+ }
+
+ if (!s390_has_feat(S390_FEAT_CERT_STORE) ||
+ (subcode & ~0x000ffULL) ||
+ (r1 & 1)) {
+ s390_program_interrupt(env, PGM_SPECIFICATION, ra);
+ return;
+ }
+
+
+ switch (subcode) {
+ case DIAG_320_SUBC_QUERY_ISM:
+ /*
+ * The Installed Subcode Block (ISB) can be up 8 words in size,
+ * but the current set of subcodes can fit within a single word
+ * for now.
+ */
+ uint32_t ism_word0 = cpu_to_be32(DIAG_320_ISM_QUERY_SUBCODES);
+
+ if (s390_cpu_virt_mem_write(cpu, addr, r1, &ism_word0, sizeof(ism_word0))) {
+ s390_cpu_virt_mem_handle_exc(cpu, ra);
+ return;
+ }
+
+ env->regs[r1 + 1] = DIAG_320_RC_OK;
+ break;
+ default:
+ env->regs[r1 + 1] = DIAG_320_RC_NOT_SUPPORTED;
+ break;
+ }
+}
diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
index 8218e6470e..6c20c3a862 100644
--- a/target/s390x/gen-features.c
+++ b/target/s390x/gen-features.c
@@ -720,6 +720,7 @@ static uint16_t full_GEN16_GA1[] = {
S390_FEAT_PAIE,
S390_FEAT_UV_FEAT_AP,
S390_FEAT_UV_FEAT_AP_INTR,
+ S390_FEAT_CERT_STORE,
};
static uint16_t full_GEN17_GA1[] = {
@@ -919,6 +920,8 @@ static uint16_t qemu_MAX[] = {
S390_FEAT_KIMD_SHA_512,
S390_FEAT_KLMD_SHA_512,
S390_FEAT_PRNO_TRNG,
+ S390_FEAT_EXTENDED_LENGTH_SCCB,
+ S390_FEAT_CERT_STORE,
};
/****** END FEATURE DEFS ******/
diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
index fdef8f9e8a..138b5b9c67 100644
--- a/target/s390x/kvm/kvm.c
+++ b/target/s390x/kvm/kvm.c
@@ -99,6 +99,7 @@
#define DIAG_TIMEREVENT 0x288
#define DIAG_IPL 0x308
#define DIAG_SET_CONTROL_PROGRAM_CODES 0x318
+#define DIAG_CERT_STORE 0x320
#define DIAG_KVM_HYPERCALL 0x500
#define DIAG_KVM_BREAKPOINT 0x501
@@ -1531,6 +1532,16 @@ static void handle_diag_318(S390CPU *cpu, struct kvm_run *run)
}
}
+static void kvm_handle_diag_320(S390CPU *cpu, struct kvm_run *run)
+{
+ uint64_t r1, r3;
+
+ r1 = (run->s390_sieic.ipa & 0x00f0) >> 4;
+ r3 = run->s390_sieic.ipa & 0x000f;
+
+ handle_diag_320(&cpu->env, r1, r3, RA_IGNORED);
+}
+
#define DIAG_KVM_CODE_MASK 0x000000000000ffff
static int handle_diag(S390CPU *cpu, struct kvm_run *run, uint32_t ipb)
@@ -1561,6 +1572,9 @@ static int handle_diag(S390CPU *cpu, struct kvm_run *run, uint32_t ipb)
case DIAG_KVM_BREAKPOINT:
r = handle_sw_breakpoint(cpu, run);
break;
+ case DIAG_CERT_STORE:
+ kvm_handle_diag_320(cpu, run);
+ break;
default:
trace_kvm_insn_diag(func_code);
kvm_s390_program_interrupt(cpu, PGM_SPECIFICATION);
@@ -2471,6 +2485,8 @@ bool kvm_s390_get_host_cpu_model(S390CPUModel *model, Error **errp)
set_bit(S390_FEAT_DIAG_318, model->features);
}
+ set_bit(S390_FEAT_CERT_STORE, model->features);
+
/* Test for Ultravisor features that influence secure guest behavior */
query_uv_feat_guest(model->features);
diff --git a/target/s390x/s390x-internal.h b/target/s390x/s390x-internal.h
index 35d1e34ef4..1945bdf40c 100644
--- a/target/s390x/s390x-internal.h
+++ b/target/s390x/s390x-internal.h
@@ -388,6 +388,8 @@ int handle_diag_288(CPUS390XState *env, uint64_t r1, uint64_t r3);
/* Return whether a CPU reset is pending */
bool handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3,
uintptr_t ra);
+void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3,
+ uintptr_t ra);
/* translate.c */
diff --git a/target/s390x/tcg/misc_helper.c b/target/s390x/tcg/misc_helper.c
index 09a45e58a5..403388145e 100644
--- a/target/s390x/tcg/misc_helper.c
+++ b/target/s390x/tcg/misc_helper.c
@@ -147,6 +147,13 @@ void HELPER(diag)(CPUS390XState *env, uint32_t r1, uint32_t r3, uint32_t num)
/* time bomb (watchdog) */
r = handle_diag_288(env, r1, r3);
break;
+ case 0x320:
+ /* cert store */
+ bql_lock();
+ handle_diag_320(env, r1, r3, GETPC());
+ bql_unlock();
+ r = 0;
+ break;
default:
r = -1;
break;
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 06/35] s390x/diag: Refactor address validation check from diag308_parm_check
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (4 preceding siblings ...)
2026-07-01 20:48 ` [PATCH v12 05/35] s390x/diag: Introduce DIAG 320 for Certificate Store Facility Zhuoying Cai
@ 2026-07-01 20:48 ` Zhuoying Cai
2026-07-01 20:48 ` [PATCH v12 07/35] s390x/diag: Implement DIAG 320 subcode 1 Zhuoying Cai
` (28 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:48 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Create a function to validate the address parameter of DIAGNOSE.
Refactor the function for reuse in the next patch, which allows address
validation in read or write operation of DIAGNOSE.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
target/s390x/diag.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 9131e8b1c9..9f98e4b677 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -26,6 +26,12 @@
#include "qemu/error-report.h"
+static inline bool diag_parm_addr_valid(uint64_t addr, size_t size, bool write)
+{
+ return address_space_access_valid(&address_space_memory, addr,
+ size, write, MEMTXATTRS_UNSPECIFIED);
+}
+
int handle_diag_288(CPUS390XState *env, uint64_t r1, uint64_t r3)
{
uint64_t func = env->regs[r1];
@@ -65,9 +71,7 @@ static int diag308_parm_check(CPUS390XState *env, uint64_t r1, uint64_t addr,
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
return -1;
}
- if (!address_space_access_valid(&address_space_memory, addr,
- sizeof(IplParameterBlock), write,
- MEMTXATTRS_UNSPECIFIED)) {
+ if (!diag_parm_addr_valid(addr, sizeof(IplParameterBlock), write)) {
s390_program_interrupt(env, PGM_ADDRESSING, ra);
return -1;
}
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 07/35] s390x/diag: Implement DIAG 320 subcode 1
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (5 preceding siblings ...)
2026-07-01 20:48 ` [PATCH v12 06/35] s390x/diag: Refactor address validation check from diag308_parm_check Zhuoying Cai
@ 2026-07-01 20:48 ` Zhuoying Cai
2026-07-02 3:52 ` Eric Farman
2026-07-01 20:48 ` [PATCH v12 08/35] crypto/x509-utils: Add helper functions for DIAG 320 subcode 2 Zhuoying Cai
` (27 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:48 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
DIAG 320 subcode 1 provides information needed to determine
the amount of storage to store one or more certificates from the
certificate store.
Upon successful completion, this subcode returns information of the current
cert store, such as the number of certificates stored and allowed in the cert
store, amount of space may need to be allocate to store a certificate,
etc for verification-certificate blocks (VCBs).
The subcode value is denoted by setting the left-most bit
of an 8-byte field.
The verification-certificate-storage-size block (VCSSB) contains
the output data when the operation completes successfully. A VCSSB
length of 4 indicates that no certificate are available in the cert
store.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
---
docs/specs/s390x-secure-ipl.rst | 12 ++++++
hw/s390x/cert-store.h | 3 +-
include/hw/s390x/ipl/diag320.h | 57 +++++++++++++++++++++++++++++
target/s390x/diag.c | 65 ++++++++++++++++++++++++++++++++-
4 files changed, 134 insertions(+), 3 deletions(-)
diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
index 331d793008..d5d4c3a24d 100644
--- a/docs/specs/s390x-secure-ipl.rst
+++ b/docs/specs/s390x-secure-ipl.rst
@@ -30,3 +30,15 @@ Subcode 0 - query installed subcodes
Returns a 256-bit installed subcodes mask (ISM) stored in the installed
subcodes block (ISB). This mask indicates which subcodes are currently
installed and available for use.
+
+Subcode 1 - query verification certificate storage information
+ Provides the information required to determine the amount of memory needed
+ to store one or more verification-certificates (VCs) from the certificate
+ store (CS).
+
+ Upon successful completion, this subcode returns various storage size values
+ for verification-certificate blocks (VCBs).
+
+ The output is returned in the verification-certificate-storage-size block
+ (VCSSB). A VCSSB length of 4 indicates that no certificates are available
+ in the CS.
diff --git a/hw/s390x/cert-store.h b/hw/s390x/cert-store.h
index 7fc9503cb9..6f5ee63177 100644
--- a/hw/s390x/cert-store.h
+++ b/hw/s390x/cert-store.h
@@ -11,10 +11,9 @@
#define HW_S390_CERT_STORE_H
#include "hw/s390x/ipl/qipl.h"
+#include "hw/s390x/ipl/diag320.h"
#include "crypto/x509-utils.h"
-#define CERT_NAME_MAX_LEN 64
-
#define CERT_KEY_ID_LEN QCRYPTO_HASH_DIGEST_LEN_SHA256
#define CERT_HASH_LEN QCRYPTO_HASH_DIGEST_LEN_SHA256
diff --git a/include/hw/s390x/ipl/diag320.h b/include/hw/s390x/ipl/diag320.h
index aa04b699c6..d37d8eaa86 100644
--- a/include/hw/s390x/ipl/diag320.h
+++ b/include/hw/s390x/ipl/diag320.h
@@ -11,10 +11,67 @@
#define S390X_DIAG320_H
#define DIAG_320_SUBC_QUERY_ISM 0
+#define DIAG_320_SUBC_QUERY_VCSI 1
#define DIAG_320_RC_OK 0x0001
#define DIAG_320_RC_NOT_SUPPORTED 0x0102
+#define DIAG_320_RC_INVAL_VCSSB_LEN 0x0202
#define DIAG_320_ISM_QUERY_SUBCODES 0x80000000
+#define DIAG_320_ISM_QUERY_VCSI 0x40000000
+
+#define VCSSB_NO_VC 4
+#define VCSSB_LEN_VALID 128
+
+#define CERT_NAME_MAX_LEN 64
+
+struct VCStorageSizeBlock {
+ uint32_t length;
+ uint8_t reserved0[3];
+ uint8_t version;
+ uint32_t reserved1[6];
+ uint16_t total_vc_ct;
+ uint16_t max_vc_ct;
+ uint32_t reserved3[11];
+ uint32_t max_single_vcb_len;
+ uint32_t total_vcb_len;
+ uint32_t reserved4[10];
+};
+typedef struct VCStorageSizeBlock VCStorageSizeBlock;
+
+struct VCEntryHeader {
+ uint32_t len;
+ uint8_t flags;
+ uint8_t key_type;
+ uint16_t cert_idx;
+ uint8_t name[CERT_NAME_MAX_LEN];
+ uint8_t format;
+ uint8_t reserved0;
+ uint16_t keyid_len;
+ uint8_t reserved1;
+ uint8_t hash_type;
+ uint16_t hash_len;
+ uint32_t reserved2;
+ uint32_t cert_len;
+ uint32_t reserved3[2];
+ uint16_t hash_offset;
+ uint16_t cert_offset;
+ uint32_t reserved4[7];
+};
+typedef struct VCEntryHeader VCEntryHeader;
+
+struct VCBlockHeader {
+ uint32_t in_len;
+ uint32_t reserved0;
+ uint16_t first_vc_index;
+ uint16_t last_vc_index;
+ uint32_t reserved1[5];
+ uint32_t out_len;
+ uint8_t reserved2[4];
+ uint16_t stored_ct;
+ uint16_t remain_ct;
+ uint32_t reserved3[5];
+};
+typedef struct VCBlockHeader VCBlockHeader;
#endif
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 9f98e4b677..2336732c9f 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -205,11 +205,56 @@ out:
}
}
+static int handle_diag320_query_vcsi(S390CPU *cpu, uint64_t addr, uint64_t r1,
+ uintptr_t ra, S390IPLCertificateStore *cs)
+{
+ g_autofree VCStorageSizeBlock *vcssb = NULL;
+
+ vcssb = g_new0(VCStorageSizeBlock, 1);
+ if (s390_cpu_virt_mem_read(cpu, addr, r1, vcssb, sizeof(*vcssb))) {
+ s390_cpu_virt_mem_handle_exc(cpu, ra);
+ return -1;
+ }
+
+ if (be32_to_cpu(vcssb->length) > sizeof(*vcssb)) {
+ return DIAG_320_RC_INVAL_VCSSB_LEN;
+ }
+
+ if (be32_to_cpu(vcssb->length) < VCSSB_LEN_VALID) {
+ return DIAG_320_RC_INVAL_VCSSB_LEN;
+ }
+
+ if (!cs->count) {
+ vcssb->length = cpu_to_be32(VCSSB_NO_VC);
+ } else {
+ vcssb->version = 0;
+ vcssb->total_vc_ct = cpu_to_be16(cs->count);
+ vcssb->max_vc_ct = cpu_to_be16(MAX_CERTIFICATES);
+ vcssb->max_single_vcb_len = cpu_to_be32(sizeof(VCBlockHeader) +
+ sizeof(VCEntryHeader) +
+ cs->largest_cert_size);
+ vcssb->total_vcb_len = cpu_to_be32(sizeof(VCBlockHeader) +
+ cs->count * sizeof(VCEntryHeader) +
+ cs->total_bytes);
+ }
+
+ if (s390_cpu_virt_mem_write(cpu, addr, r1, vcssb, be32_to_cpu(vcssb->length))) {
+ s390_cpu_virt_mem_handle_exc(cpu, ra);
+ return -1;
+ }
+ return DIAG_320_RC_OK;
+}
+
+QEMU_BUILD_BUG_MSG(sizeof(VCStorageSizeBlock) != VCSSB_LEN_VALID,
+ "size of VCStorageSizeBlock is wrong");
+
void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
{
S390CPU *cpu = env_archcpu(env);
+ S390IPLCertificateStore *cs = s390_ipl_get_certificate_store();
uint64_t subcode = env->regs[r3];
uint64_t addr = env->regs[r1];
+ int rc;
if (env->psw.mask & PSW_MASK_PSTATE) {
s390_program_interrupt(env, PGM_PRIVILEGED, ra);
@@ -231,7 +276,8 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
* but the current set of subcodes can fit within a single word
* for now.
*/
- uint32_t ism_word0 = cpu_to_be32(DIAG_320_ISM_QUERY_SUBCODES);
+ uint32_t ism_word0 = cpu_to_be32(DIAG_320_ISM_QUERY_SUBCODES |
+ DIAG_320_ISM_QUERY_VCSI);
if (s390_cpu_virt_mem_write(cpu, addr, r1, &ism_word0, sizeof(ism_word0))) {
s390_cpu_virt_mem_handle_exc(cpu, ra);
@@ -240,6 +286,23 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
env->regs[r1 + 1] = DIAG_320_RC_OK;
break;
+ case DIAG_320_SUBC_QUERY_VCSI:
+ if (addr & 0x7) {
+ s390_program_interrupt(env, PGM_SPECIFICATION, ra);
+ return;
+ }
+
+ if (!diag_parm_addr_valid(addr, sizeof(VCStorageSizeBlock), true)) {
+ s390_program_interrupt(env, PGM_ADDRESSING, ra);
+ return;
+ }
+
+ rc = handle_diag320_query_vcsi(cpu, addr, r1, ra, cs);
+ if (rc == -1) {
+ return;
+ }
+ env->regs[r1 + 1] = rc;
+ break;
default:
env->regs[r1 + 1] = DIAG_320_RC_NOT_SUPPORTED;
break;
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 07/35] s390x/diag: Implement DIAG 320 subcode 1
2026-07-01 20:48 ` [PATCH v12 07/35] s390x/diag: Implement DIAG 320 subcode 1 Zhuoying Cai
@ 2026-07-02 3:52 ` Eric Farman
0 siblings, 0 replies; 71+ messages in thread
From: Eric Farman @ 2026-07-02 3:52 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On Wed, 2026-07-01 at 16:48 -0400, Zhuoying Cai wrote:
> DIAG 320 subcode 1 provides information needed to determine
> the amount of storage to store one or more certificates from the
> certificate store.
>
> Upon successful completion, this subcode returns information of the current
> cert store, such as the number of certificates stored and allowed in the cert
> store, amount of space may need to be allocate to store a certificate,
> etc for verification-certificate blocks (VCBs).
>
> The subcode value is denoted by setting the left-most bit
> of an 8-byte field.
>
> The verification-certificate-storage-size block (VCSSB) contains
> the output data when the operation completes successfully. A VCSSB
> length of 4 indicates that no certificate are available in the cert
> store.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
> Reviewed-by: Collin Walling <walling@linux.ibm.com>
> ---
> docs/specs/s390x-secure-ipl.rst | 12 ++++++
> hw/s390x/cert-store.h | 3 +-
> include/hw/s390x/ipl/diag320.h | 57 +++++++++++++++++++++++++++++
> target/s390x/diag.c | 65 ++++++++++++++++++++++++++++++++-
> 4 files changed, 134 insertions(+), 3 deletions(-)
One nit below; but either way...
Reviewed-by: Eric Farman <farman@linux.ibm.com>
>
> diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
> index 331d793008..d5d4c3a24d 100644
> --- a/docs/specs/s390x-secure-ipl.rst
> +++ b/docs/specs/s390x-secure-ipl.rst
> @@ -30,3 +30,15 @@ Subcode 0 - query installed subcodes
> Returns a 256-bit installed subcodes mask (ISM) stored in the installed
> subcodes block (ISB). This mask indicates which subcodes are currently
> installed and available for use.
> +
> +Subcode 1 - query verification certificate storage information
> + Provides the information required to determine the amount of memory needed
> + to store one or more verification-certificates (VCs) from the certificate
> + store (CS).
> +
> + Upon successful completion, this subcode returns various storage size values
> + for verification-certificate blocks (VCBs).
> +
> + The output is returned in the verification-certificate-storage-size block
> + (VCSSB). A VCSSB length of 4 indicates that no certificates are available
> + in the CS.
> diff --git a/hw/s390x/cert-store.h b/hw/s390x/cert-store.h
> index 7fc9503cb9..6f5ee63177 100644
> --- a/hw/s390x/cert-store.h
> +++ b/hw/s390x/cert-store.h
> @@ -11,10 +11,9 @@
> #define HW_S390_CERT_STORE_H
>
> #include "hw/s390x/ipl/qipl.h"
> +#include "hw/s390x/ipl/diag320.h"
> #include "crypto/x509-utils.h"
>
> -#define CERT_NAME_MAX_LEN 64
> -
> #define CERT_KEY_ID_LEN QCRYPTO_HASH_DIGEST_LEN_SHA256
> #define CERT_HASH_LEN QCRYPTO_HASH_DIGEST_LEN_SHA256
>
> diff --git a/include/hw/s390x/ipl/diag320.h b/include/hw/s390x/ipl/diag320.h
> index aa04b699c6..d37d8eaa86 100644
> --- a/include/hw/s390x/ipl/diag320.h
> +++ b/include/hw/s390x/ipl/diag320.h
> @@ -11,10 +11,67 @@
> #define S390X_DIAG320_H
>
> #define DIAG_320_SUBC_QUERY_ISM 0
> +#define DIAG_320_SUBC_QUERY_VCSI 1
>
> #define DIAG_320_RC_OK 0x0001
> #define DIAG_320_RC_NOT_SUPPORTED 0x0102
> +#define DIAG_320_RC_INVAL_VCSSB_LEN 0x0202
>
> #define DIAG_320_ISM_QUERY_SUBCODES 0x80000000
> +#define DIAG_320_ISM_QUERY_VCSI 0x40000000
> +
> +#define VCSSB_NO_VC 4
> +#define VCSSB_LEN_VALID 128
> +
> +#define CERT_NAME_MAX_LEN 64
> +
> +struct VCStorageSizeBlock {
> + uint32_t length;
> + uint8_t reserved0[3];
> + uint8_t version;
> + uint32_t reserved1[6];
> + uint16_t total_vc_ct;
> + uint16_t max_vc_ct;
> + uint32_t reserved3[11];
> + uint32_t max_single_vcb_len;
> + uint32_t total_vcb_len;
> + uint32_t reserved4[10];
> +};
> +typedef struct VCStorageSizeBlock VCStorageSizeBlock;
> +
> +struct VCEntryHeader {
> + uint32_t len;
> + uint8_t flags;
> + uint8_t key_type;
> + uint16_t cert_idx;
> + uint8_t name[CERT_NAME_MAX_LEN];
> + uint8_t format;
> + uint8_t reserved0;
> + uint16_t keyid_len;
> + uint8_t reserved1;
> + uint8_t hash_type;
> + uint16_t hash_len;
> + uint32_t reserved2;
> + uint32_t cert_len;
> + uint32_t reserved3[2];
> + uint16_t hash_offset;
> + uint16_t cert_offset;
> + uint32_t reserved4[7];
> +};
> +typedef struct VCEntryHeader VCEntryHeader;
> +
> +struct VCBlockHeader {
> + uint32_t in_len;
> + uint32_t reserved0;
> + uint16_t first_vc_index;
> + uint16_t last_vc_index;
> + uint32_t reserved1[5];
> + uint32_t out_len;
> + uint8_t reserved2[4];
> + uint16_t stored_ct;
> + uint16_t remain_ct;
> + uint32_t reserved3[5];
> +};
> +typedef struct VCBlockHeader VCBlockHeader;
>
> #endif
> diff --git a/target/s390x/diag.c b/target/s390x/diag.c
> index 9f98e4b677..2336732c9f 100644
> --- a/target/s390x/diag.c
> +++ b/target/s390x/diag.c
> @@ -205,11 +205,56 @@ out:
> }
> }
>
> +static int handle_diag320_query_vcsi(S390CPU *cpu, uint64_t addr, uint64_t r1,
> + uintptr_t ra, S390IPLCertificateStore *cs)
> +{
> + g_autofree VCStorageSizeBlock *vcssb = NULL;
> +
> + vcssb = g_new0(VCStorageSizeBlock, 1);
> + if (s390_cpu_virt_mem_read(cpu, addr, r1, vcssb, sizeof(*vcssb))) {
> + s390_cpu_virt_mem_handle_exc(cpu, ra);
> + return -1;
> + }
> +
> + if (be32_to_cpu(vcssb->length) > sizeof(*vcssb)) {
> + return DIAG_320_RC_INVAL_VCSSB_LEN;
> + }
> +
> + if (be32_to_cpu(vcssb->length) < VCSSB_LEN_VALID) {
> + return DIAG_320_RC_INVAL_VCSSB_LEN;
> + }
These two checks could be squashed together, because the QEMU_BUILD_BUG below ensures that
sizeof(*vcssb) == VCSSB_LEN_VALID, and so vcssb->length should also be only that.
> +
> + if (!cs->count) {
> + vcssb->length = cpu_to_be32(VCSSB_NO_VC);
> + } else {
> + vcssb->version = 0;
> + vcssb->total_vc_ct = cpu_to_be16(cs->count);
> + vcssb->max_vc_ct = cpu_to_be16(MAX_CERTIFICATES);
> + vcssb->max_single_vcb_len = cpu_to_be32(sizeof(VCBlockHeader) +
> + sizeof(VCEntryHeader) +
> + cs->largest_cert_size);
> + vcssb->total_vcb_len = cpu_to_be32(sizeof(VCBlockHeader) +
> + cs->count * sizeof(VCEntryHeader) +
> + cs->total_bytes);
> + }
> +
> + if (s390_cpu_virt_mem_write(cpu, addr, r1, vcssb, be32_to_cpu(vcssb->length))) {
> + s390_cpu_virt_mem_handle_exc(cpu, ra);
> + return -1;
> + }
> + return DIAG_320_RC_OK;
> +}
> +
> +QEMU_BUILD_BUG_MSG(sizeof(VCStorageSizeBlock) != VCSSB_LEN_VALID,
> + "size of VCStorageSizeBlock is wrong");
> +
> void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
> {
> S390CPU *cpu = env_archcpu(env);
> + S390IPLCertificateStore *cs = s390_ipl_get_certificate_store();
> uint64_t subcode = env->regs[r3];
> uint64_t addr = env->regs[r1];
> + int rc;
>
> if (env->psw.mask & PSW_MASK_PSTATE) {
> s390_program_interrupt(env, PGM_PRIVILEGED, ra);
> @@ -231,7 +276,8 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
> * but the current set of subcodes can fit within a single word
> * for now.
> */
> - uint32_t ism_word0 = cpu_to_be32(DIAG_320_ISM_QUERY_SUBCODES);
> + uint32_t ism_word0 = cpu_to_be32(DIAG_320_ISM_QUERY_SUBCODES |
> + DIAG_320_ISM_QUERY_VCSI);
>
> if (s390_cpu_virt_mem_write(cpu, addr, r1, &ism_word0, sizeof(ism_word0))) {
> s390_cpu_virt_mem_handle_exc(cpu, ra);
> @@ -240,6 +286,23 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
>
> env->regs[r1 + 1] = DIAG_320_RC_OK;
> break;
> + case DIAG_320_SUBC_QUERY_VCSI:
> + if (addr & 0x7) {
> + s390_program_interrupt(env, PGM_SPECIFICATION, ra);
> + return;
> + }
> +
> + if (!diag_parm_addr_valid(addr, sizeof(VCStorageSizeBlock), true)) {
> + s390_program_interrupt(env, PGM_ADDRESSING, ra);
> + return;
> + }
> +
> + rc = handle_diag320_query_vcsi(cpu, addr, r1, ra, cs);
> + if (rc == -1) {
> + return;
> + }
> + env->regs[r1 + 1] = rc;
> + break;
> default:
> env->regs[r1 + 1] = DIAG_320_RC_NOT_SUPPORTED;
> break;
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 08/35] crypto/x509-utils: Add helper functions for DIAG 320 subcode 2
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (6 preceding siblings ...)
2026-07-01 20:48 ` [PATCH v12 07/35] s390x/diag: Implement DIAG 320 subcode 1 Zhuoying Cai
@ 2026-07-01 20:48 ` Zhuoying Cai
2026-07-01 20:48 ` [PATCH v12 09/35] s390x/diag: Implement " Zhuoying Cai
` (26 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:48 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Introduce new helper functions to extract certificate metadata:
qcrypto_x509_check_cert_times() - validates the certificate's validity period against the current time
qcrypto_x509_get_cert_key_id() - extracts the key ID from the certificate
qcrypto_x509_check_ecc_curve_p521() - determines the ECC public key algorithm uses P-521 curve
These functions provide support for metadata extraction and validity checking
for X.509 certificates.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Farhan Ali<alifm@linux.ibm.com>
---
crypto/x509-utils.c | 236 ++++++++++++++++++++++++++++++++++++
include/crypto/x509-utils.h | 51 ++++++++
2 files changed, 287 insertions(+)
diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c
index 68cf008938..d0e0384e9c 100644
--- a/crypto/x509-utils.c
+++ b/crypto/x509-utils.c
@@ -27,6 +27,16 @@ static const int qcrypto_to_gnutls_hash_alg_map[QCRYPTO_HASH_ALGO__MAX] = {
[QCRYPTO_HASH_ALGO_RIPEMD160] = GNUTLS_DIG_RMD160,
};
+static const int qcrypto_to_gnutls_keyid_flags_map[] = {
+ [QCRYPTO_HASH_ALGO_MD5] = -1,
+ [QCRYPTO_HASH_ALGO_SHA1] = GNUTLS_KEYID_USE_SHA1,
+ [QCRYPTO_HASH_ALGO_SHA224] = -1,
+ [QCRYPTO_HASH_ALGO_SHA256] = GNUTLS_KEYID_USE_SHA256,
+ [QCRYPTO_HASH_ALGO_SHA384] = -1,
+ [QCRYPTO_HASH_ALGO_SHA512] = GNUTLS_KEYID_USE_SHA512,
+ [QCRYPTO_HASH_ALGO_RIPEMD160] = -1,
+};
+
int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
QCryptoHashAlgo alg,
uint8_t *result,
@@ -121,6 +131,210 @@ cleanup:
return ret;
}
+int qcrypto_x509_check_cert_times(uint8_t *cert, size_t size, Error **errp)
+{
+ int rc;
+ int ret = -1;
+ gnutls_x509_crt_t crt;
+ gnutls_datum_t datum = {.data = cert, .size = size};
+ time_t now = time(NULL);
+ time_t exp_time;
+ time_t act_time;
+
+ if (now == ((time_t)-1)) {
+ error_setg_errno(errp, errno, "Cannot get current time");
+ return ret;
+ }
+
+ rc = gnutls_x509_crt_init(&crt);
+ if (rc < 0) {
+ error_setg(errp, "Failed to initialize certificate: %s", gnutls_strerror(rc));
+ return ret;
+ }
+
+ rc = gnutls_x509_crt_import(crt, &datum, GNUTLS_X509_FMT_PEM);
+ if (rc != 0) {
+ error_setg(errp, "Failed to import certificate: %s", gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ exp_time = gnutls_x509_crt_get_expiration_time(crt);
+ if (exp_time == ((time_t)-1)) {
+ error_setg(errp, "Failed to get certificate expiration time");
+ goto cleanup;
+ }
+ if (exp_time < now) {
+ error_setg(errp, "The certificate has expired");
+ goto cleanup;
+ }
+
+ act_time = gnutls_x509_crt_get_activation_time(crt);
+ if (act_time == ((time_t)-1)) {
+ error_setg(errp, "Failed to get certificate activation time");
+ goto cleanup;
+ }
+ if (act_time > now) {
+ error_setg(errp, "The certificate is not yet active");
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ gnutls_x509_crt_deinit(crt);
+ return ret;
+}
+
+static int qcrypto_x509_get_pk_algorithm(uint8_t *cert, size_t size, Error **errp)
+{
+ int rc;
+ int ret = -1;
+ unsigned int bits;
+ gnutls_x509_crt_t crt;
+ gnutls_datum_t datum = {.data = cert, .size = size};
+
+ rc = gnutls_x509_crt_init(&crt);
+ if (rc < 0) {
+ error_setg(errp, "Failed to initialize certificate: %s", gnutls_strerror(rc));
+ return ret;
+ }
+
+ rc = gnutls_x509_crt_import(crt, &datum, GNUTLS_X509_FMT_PEM);
+ if (rc != 0) {
+ error_setg(errp, "Failed to import certificate: %s", gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ rc = gnutls_x509_crt_get_pk_algorithm(crt, &bits);
+ if (rc < 0) {
+ error_setg(errp, "Unknown public key algorithm %d", rc);
+ goto cleanup;
+ }
+
+ ret = rc;
+
+cleanup:
+ gnutls_x509_crt_deinit(crt);
+ return ret;
+}
+
+int qcrypto_x509_get_cert_key_id(uint8_t *cert, size_t size,
+ QCryptoHashAlgo hash_alg,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
+{
+ int rc;
+ int ret = -1;
+ gnutls_x509_crt_t crt;
+ gnutls_datum_t datum = {.data = cert, .size = size};
+
+ if (hash_alg >= G_N_ELEMENTS(qcrypto_to_gnutls_hash_alg_map)) {
+ error_setg(errp, "Unknown hash algorithm %d", hash_alg);
+ return ret;
+ }
+
+ if (hash_alg >= G_N_ELEMENTS(qcrypto_to_gnutls_keyid_flags_map) ||
+ qcrypto_to_gnutls_keyid_flags_map[hash_alg] == -1) {
+ error_setg(errp, "Unsupported key id flag %d", hash_alg);
+ return ret;
+ }
+
+ rc = gnutls_x509_crt_init(&crt);
+ if (rc < 0) {
+ error_setg(errp, "Failed to initialize certificate: %s", gnutls_strerror(rc));
+ return ret;
+ }
+
+ rc = gnutls_x509_crt_import(crt, &datum, GNUTLS_X509_FMT_PEM);
+ if (rc != 0) {
+ error_setg(errp, "Failed to import certificate: %s", gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ *resultlen = gnutls_hash_get_len(qcrypto_to_gnutls_hash_alg_map[hash_alg]);
+ if (*resultlen == 0) {
+ error_setg(errp, "Failed to get hash algorithm length: %s", gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ *result = g_malloc0(*resultlen);
+ if (gnutls_x509_crt_get_key_id(crt,
+ qcrypto_to_gnutls_keyid_flags_map[hash_alg],
+ *result, resultlen) != 0) {
+ error_setg(errp, "Failed to get key ID from certificate");
+ g_clear_pointer(result, g_free);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ gnutls_x509_crt_deinit(crt);
+ return ret;
+}
+
+static int qcrypto_x509_get_ecc_curve(uint8_t *cert, size_t size, Error **errp)
+{
+ int rc;
+ int ret = -1;
+ gnutls_x509_crt_t crt;
+ gnutls_datum_t datum = {.data = cert, .size = size};
+ gnutls_ecc_curve_t curve_id;
+ gnutls_datum_t x = {.data = NULL, .size = 0};
+ gnutls_datum_t y = {.data = NULL, .size = 0};
+
+ rc = gnutls_x509_crt_init(&crt);
+ if (rc < 0) {
+ error_setg(errp, "Failed to initialize certificate: %s", gnutls_strerror(rc));
+ return ret;
+ }
+
+ rc = gnutls_x509_crt_import(crt, &datum, GNUTLS_X509_FMT_PEM);
+ if (rc != 0) {
+ error_setg(errp, "Failed to import certificate: %s", gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ rc = gnutls_x509_crt_get_pk_ecc_raw(crt, &curve_id, &x, &y);
+ if (rc != 0) {
+ error_setg(errp, "Failed to get ECC public key curve: %s", gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ ret = curve_id;
+
+cleanup:
+ gnutls_x509_crt_deinit(crt);
+ g_free(x.data);
+ g_free(y.data);
+ return ret;
+}
+
+int qcrypto_x509_check_ecc_curve_p521(uint8_t *cert, size_t size, Error **errp)
+{
+ int algo;
+ int curve_id;
+
+ algo = qcrypto_x509_get_pk_algorithm(cert, size, errp);
+ if (algo != GNUTLS_PK_ECDSA) {
+ return 0;
+ }
+
+ curve_id = qcrypto_x509_get_ecc_curve(cert, size, errp);
+ if (curve_id == -1) {
+ error_setg(errp, "Failed to get ECC curve");
+ return -1;
+ }
+
+ if (curve_id == GNUTLS_ECC_CURVE_INVALID) {
+ error_setg(errp, "Invalid ECC curve");
+ return -1;
+ }
+
+ return curve_id == GNUTLS_ECC_CURVE_SECP521R1;
+}
+
#else /* ! CONFIG_GNUTLS */
int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
@@ -142,4 +356,26 @@ int qcrypto_x509_convert_cert_der(uint8_t *cert, size_t size,
return -1;
}
+int qcrypto_x509_check_cert_times(uint8_t *cert, size_t size, Error **errp)
+{
+ error_setg(errp, "GNUTLS is required to get certificate times");
+ return -1;
+}
+
+int qcrypto_x509_get_cert_key_id(uint8_t *cert, size_t size,
+ QCryptoHashAlgo hash_alg,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
+{
+ error_setg(errp, "GNUTLS is required to get key ID");
+ return -1;
+}
+
+int qcrypto_x509_check_ecc_curve_p521(uint8_t *cert, size_t size, Error **errp)
+{
+ error_setg(errp, "GNUTLS is required to determine ecc curve");
+ return -1;
+}
+
#endif /* ! CONFIG_GNUTLS */
diff --git a/include/crypto/x509-utils.h b/include/crypto/x509-utils.h
index 91ae79fb03..fcace73c49 100644
--- a/include/crypto/x509-utils.h
+++ b/include/crypto/x509-utils.h
@@ -40,4 +40,55 @@ int qcrypto_x509_convert_cert_der(uint8_t *cert, size_t size,
size_t *resultlen,
Error **errp);
+/**
+ * qcrypto_x509_check_cert_times
+ * @cert: pointer to the raw certificate data
+ * @size: size of the certificate
+ * @errp: error pointer
+ *
+ * Check whether the activation and expiration times of @cert
+ * are valid at the current time.
+ *
+ * Returns: 0 if the certificate times are valid,
+ * -1 on error.
+ */
+int qcrypto_x509_check_cert_times(uint8_t *cert, size_t size, Error **errp);
+
+/**
+ * qcrypto_x509_get_cert_key_id
+ * @cert: pointer to the raw certificate data
+ * @size: size of the certificate
+ * @hash_alg: the hash algorithm flag
+ * @result: output location for the allocated buffer for key ID
+ * (the function allocates memory which must be freed by the caller)
+ * @resultlen: pointer to the size of the buffer
+ * (will be updated with the actual size of key id)
+ * @errp: error pointer
+ *
+ * Retrieve the key ID from the @cert based on the specified @hash_alg.
+ *
+ * Returns: 0 if key ID was successfully stored in @result,
+ * -1 on error.
+ */
+int qcrypto_x509_get_cert_key_id(uint8_t *cert, size_t size,
+ QCryptoHashAlgo hash_alg,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp);
+
+/**
+ * qcrypto_x509_check_ecc_curve_p521
+ * @cert: pointer to the raw certificate data
+ * @size: size of the certificate
+ * @errp: error pointer
+ *
+ * Determine whether the ECC public key in the given certificate uses the P-521
+ * curve.
+ *
+ * Returns: 0 if ECC public key does not use P521 curve.
+ * 1 if ECC public key uses P521 curve.
+ * -1 on error.
+ */
+int qcrypto_x509_check_ecc_curve_p521(uint8_t *cert, size_t size, Error **errp);
+
#endif
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 09/35] s390x/diag: Implement DIAG 320 subcode 2
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (7 preceding siblings ...)
2026-07-01 20:48 ` [PATCH v12 08/35] crypto/x509-utils: Add helper functions for DIAG 320 subcode 2 Zhuoying Cai
@ 2026-07-01 20:48 ` Zhuoying Cai
2026-07-01 23:29 ` Matthew Rosato
2026-07-02 3:41 ` Eric Farman
2026-07-01 20:48 ` [PATCH v12 10/35] hw/s390x: Define finite size for single entry VCEntry Zhuoying Cai
` (25 subsequent siblings)
34 siblings, 2 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:48 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
DIAG 320 subcode 2 provides verification-certificates (VCs) that are in the
certificate store. Only X509 certificates in DER format and SHA-256 hash
type are recognized.
The subcode value is denoted by setting the second-left-most bit
of an 8-byte field.
The Verification Certificate Block (VCB) contains the output data
when the operation completes successfully. It includes a common
header followed by zero or more Verification Certificate Entries (VCEs),
depending on the VCB input length and the VC range (from the first VC
index to the last VC index) in the certificate store.
Each VCE contains information about a certificate retrieved from
the S390IPLCertificateStore, such as the certificate name, key type,
key ID length, hash length, and the raw certificate data.
The key ID and hash are extracted from the raw certificate by the crypto API.
Note: SHA2-256 VC hash type is required for retrieving the hash
(fingerprint) of the certificate.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
docs/specs/s390x-secure-ipl.rst | 24 +++
include/hw/s390x/ipl/diag320.h | 38 ++++
target/s390x/diag.c | 317 +++++++++++++++++++++++++++++++-
3 files changed, 378 insertions(+), 1 deletion(-)
diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
index d5d4c3a24d..a17bb0ab55 100644
--- a/docs/specs/s390x-secure-ipl.rst
+++ b/docs/specs/s390x-secure-ipl.rst
@@ -42,3 +42,27 @@ Subcode 1 - query verification certificate storage information
The output is returned in the verification-certificate-storage-size block
(VCSSB). A VCSSB length of 4 indicates that no certificates are available
in the CS.
+
+Subcode 2 - store verification certificates
+ Provides VCs that are in the certificate store.
+
+ The output is provided in a VCB, which includes a common header followed by
+ zero or more verification-certificate entries (VCEs).
+
+ The instruction expects the cert store to maintain an origin of 1 for the
+ index (i.e. a retrieval of the first certificate in the store should be
+ denoted by setting first-VC to 1).
+
+ The first-VC and last-VC fields of the VCB specify the index range of
+ VCs to be stored in the VCB. Certs are stored sequentially, starting
+ with first-VC index. As each cert is stored, a "stored count" is
+ incremented. If there is not enough space to store all certs requested
+ by the index range, a "remaining count" will be recorded and no more
+ certificates will be stored.
+
+ Each VCE contains a header followed by information extracted from a
+ certificate within the certificate store. The information includes:
+ key-id, hash, and certificate data. This information is stored
+ contiguously in a VCE (with zero-padding). Following the header, the
+ key-id is immediately stored. The hash and certificate data follow and
+ may be accessed via the respective offset fields stored in the VCE.
diff --git a/include/hw/s390x/ipl/diag320.h b/include/hw/s390x/ipl/diag320.h
index d37d8eaa86..7fda2d44fd 100644
--- a/include/hw/s390x/ipl/diag320.h
+++ b/include/hw/s390x/ipl/diag320.h
@@ -12,19 +12,45 @@
#define DIAG_320_SUBC_QUERY_ISM 0
#define DIAG_320_SUBC_QUERY_VCSI 1
+#define DIAG_320_SUBC_STORE_VC 2
#define DIAG_320_RC_OK 0x0001
#define DIAG_320_RC_NOT_SUPPORTED 0x0102
#define DIAG_320_RC_INVAL_VCSSB_LEN 0x0202
+#define DIAG_320_RC_INVAL_VCB_LEN 0x0204
+#define DIAG_320_RC_BAD_RANGE 0x0302
#define DIAG_320_ISM_QUERY_SUBCODES 0x80000000
#define DIAG_320_ISM_QUERY_VCSI 0x40000000
+#define DIAG_320_ISM_STORE_VC 0x20000000
#define VCSSB_NO_VC 4
#define VCSSB_LEN_VALID 128
#define CERT_NAME_MAX_LEN 64
+/*
+ * If the VCE flags indicate an invalid certificate,
+ * the VCE length is set to 72, containing only the
+ * first five fields of VCEntry.
+ */
+#define VCE_INVALID_LEN 72
+
+#define DIAG_320_VCE_FLAGS_VALID 0x80
+
+typedef enum Diag320VceKeyType {
+ DIAG_320_VCE_KEYTYPE_SELF_DESCRIBING = 0,
+ DIAG_320_VCE_KEYTYPE_ECDSA_P521 = 1,
+} Diag320VceKeyType;
+
+typedef enum Diag320VceFormat {
+ DIAG_320_VCE_FORMAT_X509_DER = 1,
+} Diag320VceFormat;
+
+typedef enum Diag320VceHashType {
+ DIAG_320_VCE_HASHTYPE_SHA2_256 = 1,
+} Diag320VceHashType;
+
struct VCStorageSizeBlock {
uint32_t length;
uint8_t reserved0[3];
@@ -60,6 +86,12 @@ struct VCEntryHeader {
};
typedef struct VCEntryHeader VCEntryHeader;
+struct VCEntry {
+ VCEntryHeader vce_hdr;
+ uint8_t cert_buf[];
+};
+typedef struct VCEntry VCEntry;
+
struct VCBlockHeader {
uint32_t in_len;
uint32_t reserved0;
@@ -74,4 +106,10 @@ struct VCBlockHeader {
};
typedef struct VCBlockHeader VCBlockHeader;
+struct VCBlock {
+ VCBlockHeader vcb_hdr;
+ uint8_t vce_buf[];
+};
+typedef struct VCBlock VCBlock;
+
#endif
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 2336732c9f..42e3f20067 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -17,13 +17,16 @@
#include "s390x-internal.h"
#include "hw/watchdog/wdt_diag288.h"
#include "system/cpus.h"
+#include "hw/s390x/cert-store.h"
#include "hw/s390x/ipl.h"
#include "hw/s390x/ipl/diag320.h"
#include "hw/s390x/s390-virtio-ccw.h"
#include "system/kvm.h"
#include "kvm/kvm_s390x.h"
#include "target/s390x/kvm/pv.h"
+#include "qapi/error.h"
#include "qemu/error-report.h"
+#include "crypto/x509-utils.h"
static inline bool diag_parm_addr_valid(uint64_t addr, size_t size, bool write)
@@ -245,8 +248,307 @@ static int handle_diag320_query_vcsi(S390CPU *cpu, uint64_t addr, uint64_t r1,
return DIAG_320_RC_OK;
}
+static bool is_cert_valid(const S390IPLCertificate *cert)
+{
+ int rc;
+ Error *err = NULL;
+
+ rc = qcrypto_x509_check_cert_times(cert->raw, cert->size, &err);
+ if (rc != 0) {
+ error_report_err(err);
+ return false;
+ }
+
+ return true;
+}
+
+static int handle_key_id(VCEntry *vce, const S390IPLCertificate *cert)
+{
+ int rc;
+ g_autofree unsigned char *key_id_data = NULL;
+ size_t key_id_len;
+ Error *err = NULL;
+
+ rc = qcrypto_x509_get_cert_key_id(cert->raw, cert->size,
+ QCRYPTO_HASH_ALGO_SHA256,
+ &key_id_data, &key_id_len, &err);
+ if (rc < 0) {
+ error_report_err(err);
+ return 0;
+ }
+
+ if (sizeof(VCEntryHeader) + key_id_len > be32_to_cpu(vce->vce_hdr.len)) {
+ error_report("Unable to write key ID: exceeds buffer bounds");
+ return 0;
+ }
+
+ vce->vce_hdr.keyid_len = cpu_to_be16(key_id_len);
+
+ memcpy(vce->cert_buf, key_id_data, key_id_len);
+
+ return ROUND_UP(key_id_len, 4);
+}
+
+static int handle_hash(VCEntry *vce, const S390IPLCertificate *cert,
+ uint16_t keyid_field_len)
+{
+ int rc;
+ uint16_t hash_offset;
+ g_autofree void *hash_data = NULL;
+ size_t hash_len;
+ Error *err = NULL;
+
+ hash_len = CERT_HASH_LEN;
+ hash_data = g_malloc0(hash_len);
+ rc = qcrypto_get_x509_cert_fingerprint(cert->raw, cert->size,
+ QCRYPTO_HASH_ALGO_SHA256,
+ hash_data, &hash_len, &err);
+ if (rc < 0) {
+ error_report_err(err);
+ return 0;
+ }
+
+ hash_offset = sizeof(VCEntryHeader) + keyid_field_len;
+ if (hash_offset + hash_len > be32_to_cpu(vce->vce_hdr.len)) {
+ error_report("Unable to write hash: exceeds buffer bounds");
+ return 0;
+ }
+
+ vce->vce_hdr.hash_len = cpu_to_be16(hash_len);
+ vce->vce_hdr.hash_type = DIAG_320_VCE_HASHTYPE_SHA2_256;
+ vce->vce_hdr.hash_offset = cpu_to_be16(hash_offset);
+
+ memcpy((uint8_t *)vce + hash_offset, hash_data, hash_len);
+
+ return ROUND_UP(hash_len, 4);
+}
+
+static int handle_cert(VCEntry *vce, const S390IPLCertificate *cert,
+ uint16_t hash_field_len)
+{
+ int rc;
+ uint16_t cert_offset;
+ g_autofree uint8_t *cert_der = NULL;
+ size_t der_size;
+ Error *err = NULL;
+
+ rc = qcrypto_x509_convert_cert_der(cert->raw, cert->size,
+ &cert_der, &der_size, &err);
+ if (rc < 0) {
+ error_report_err(err);
+ return 0;
+ }
+
+ cert_offset = be16_to_cpu(vce->vce_hdr.hash_offset) + hash_field_len;
+ if (cert_offset + der_size > be32_to_cpu(vce->vce_hdr.len)) {
+ error_report("Unable to write certificate: exceeds buffer bounds");
+ return 0;
+ }
+
+ vce->vce_hdr.format = DIAG_320_VCE_FORMAT_X509_DER;
+ vce->vce_hdr.cert_len = cpu_to_be32(der_size);
+ vce->vce_hdr.cert_offset = cpu_to_be16(cert_offset);
+
+ memcpy((uint8_t *)vce + cert_offset, cert_der, der_size);
+
+ return ROUND_UP(der_size, 4);
+}
+
+static int get_key_type(const S390IPLCertificate *cert)
+{
+ int rc;
+ Error *err = NULL;
+
+ rc = qcrypto_x509_check_ecc_curve_p521(cert->raw, cert->size, &err);
+ if (rc == -1) {
+ error_report_err(err);
+ return -1;
+ }
+
+ return (rc == 1) ? DIAG_320_VCE_KEYTYPE_ECDSA_P521 :
+ DIAG_320_VCE_KEYTYPE_SELF_DESCRIBING;
+}
+
+static int build_vce_header(VCEntry *vce, const S390IPLCertificate *cert, int idx)
+{
+ int key_type;
+
+ vce->vce_hdr.len = cpu_to_be32(sizeof(VCEntryHeader));
+ vce->vce_hdr.cert_idx = cpu_to_be16(idx + 1);
+ memcpy(vce->vce_hdr.name, cert->name, CERT_NAME_MAX_LEN);
+
+ if (!is_cert_valid(cert)) {
+ return -1;
+ }
+
+ key_type = get_key_type(cert);
+ if (key_type == -1) {
+ return -1;
+ }
+ vce->vce_hdr.key_type = key_type;
+
+ return 0;
+}
+
+static int build_vce_data(VCEntry *vce, const S390IPLCertificate *cert,
+ uint32_t vce_max_len)
+{
+ uint16_t keyid_field_len;
+ uint16_t hash_field_len;
+ uint32_t cert_field_len;
+ uint32_t vce_len;
+
+ vce->vce_hdr.len = cpu_to_be32(vce_max_len);
+
+ keyid_field_len = handle_key_id(vce, cert);
+ if (!keyid_field_len) {
+ return -1;
+ }
+
+ hash_field_len = handle_hash(vce, cert, keyid_field_len);
+ if (!hash_field_len) {
+ return -1;
+ }
+
+ cert_field_len = handle_cert(vce, cert, hash_field_len);
+ if (!cert_field_len) {
+ return -1;
+ }
+
+ vce_len = sizeof(VCEntryHeader) + keyid_field_len + hash_field_len + cert_field_len;
+ if (vce_len > vce_max_len) {
+ return -1;
+ }
+
+ vce->vce_hdr.flags |= DIAG_320_VCE_FLAGS_VALID;
+
+ /* Update vce length to reflect the actual size used by vce */
+ vce->vce_hdr.len = cpu_to_be32(vce_len);
+
+ return 0;
+}
+
+static int handle_diag320_store_vc(S390CPU *cpu, uint64_t addr, uint64_t r1, uintptr_t ra,
+ S390IPLCertificateStore *cs)
+{
+ g_autofree VCBlockHeader *vcb_hdr = NULL;
+ size_t remaining_space;
+ uint16_t first_vc_index;
+ uint16_t last_vc_index;
+ int cs_start_index;
+ int cs_end_index;
+ uint32_t vce_max_len;
+ uint32_t vce_len;
+ uint32_t in_len;
+
+ vcb_hdr = g_new0(VCBlockHeader, 1);
+ if (s390_cpu_virt_mem_read(cpu, addr, r1, vcb_hdr, sizeof(*vcb_hdr))) {
+ s390_cpu_virt_mem_handle_exc(cpu, ra);
+ return -1;
+ }
+
+ in_len = be32_to_cpu(vcb_hdr->in_len);
+ first_vc_index = be16_to_cpu(vcb_hdr->first_vc_index);
+ last_vc_index = be16_to_cpu(vcb_hdr->last_vc_index);
+
+ if (in_len % TARGET_PAGE_SIZE != 0) {
+ return DIAG_320_RC_INVAL_VCB_LEN;
+ }
+
+ if (first_vc_index > last_vc_index) {
+ return DIAG_320_RC_BAD_RANGE;
+ }
+
+ vcb_hdr->out_len = sizeof(VCBlockHeader);
+
+ /*
+ * DIAG 320 subcode 2 expects to query a certificate store that
+ * maintains an index origin of 1. However, the S390IPLCertificateStore
+ * maintains an index origin of 0. Thus, the indices must be adjusted
+ * for correct access into the cert store. A couple of special cases
+ * must also be accounted for.
+ */
+
+ /* Both indices are 0; return header with no certs */
+ if (first_vc_index == 0 && last_vc_index == 0) {
+ goto out;
+ }
+
+ /* Normalize indices */
+ cs_start_index = (first_vc_index == 0) ? 0 : first_vc_index - 1;
+ cs_end_index = last_vc_index - 1;
+
+ /* Requested range is outside the cert store; return header with no certs */
+ if (cs_start_index >= cs->count || cs_end_index >= cs->count) {
+ goto out;
+ }
+
+ remaining_space = in_len - sizeof(VCBlockHeader);
+
+ for (int i = cs_start_index; i <= cs_end_index; i++) {
+ const S390IPLCertificate *cert = &cs->certs[i];
+ /*
+ * Each field of the VCE is word-aligned.
+ * Allocate enough space for the largest possible size for this VCE.
+ * As the certificate fields (key-id, hash, data) are parsed, the
+ * VCE's length field will be updated accordingly.
+ */
+ vce_max_len = sizeof(VCEntryHeader) + ROUND_UP(CERT_KEY_ID_LEN, 4) +
+ ROUND_UP(CERT_HASH_LEN, 4) + ROUND_UP(cert->der_size, 4);
+ g_autofree VCEntry *vce = g_malloc0(vce_max_len);
+
+ /*
+ * Bit 0 of the VCE flags indicates whether the certificate is valid.
+ * The caller of DIAG320 subcode 2 is responsible for verifying that
+ * the VCE contains a valid certificate.
+ */
+ if (build_vce_header(vce, cert, i) || build_vce_data(vce, cert, vce_max_len)) {
+ /*
+ * Error occurs - VCE does not contain a valid certificate.
+ * Bit 0 of the VCE flags is 0 and the VCE length is set.
+ */
+ vce->vce_hdr.len = cpu_to_be32(VCE_INVALID_LEN);
+ }
+ vce_len = be32_to_cpu(vce->vce_hdr.len);
+
+ /*
+ * If there is no more space to store the cert,
+ * set the remaining verification cert count and
+ * break early.
+ */
+ if (remaining_space < vce_len) {
+ vcb_hdr->remain_ct = cpu_to_be16(last_vc_index - i);
+ break;
+ }
+
+ /* Write VCE */
+ if (s390_cpu_virt_mem_write(cpu, addr + vcb_hdr->out_len, r1, vce, vce_len)) {
+ s390_cpu_virt_mem_handle_exc(cpu, ra);
+ g_free(vce);
+ return -1;
+ }
+
+ vcb_hdr->out_len += vce_len;
+ remaining_space -= vce_len;
+ vcb_hdr->stored_ct++;
+ }
+ vcb_hdr->stored_ct = cpu_to_be16(vcb_hdr->stored_ct);
+
+out:
+ vcb_hdr->out_len = cpu_to_be32(vcb_hdr->out_len);
+
+ if (s390_cpu_virt_mem_write(cpu, addr, r1, vcb_hdr, sizeof(VCBlockHeader))) {
+ s390_cpu_virt_mem_handle_exc(cpu, ra);
+ return -1;
+ }
+
+ return DIAG_320_RC_OK;
+}
+
QEMU_BUILD_BUG_MSG(sizeof(VCStorageSizeBlock) != VCSSB_LEN_VALID,
"size of VCStorageSizeBlock is wrong");
+QEMU_BUILD_BUG_MSG(sizeof(VCBlock) != 64, "size of VCBlock is wrong");
+QEMU_BUILD_BUG_MSG(sizeof(VCEntry) != 128, "size of VCEntry is wrong");
void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
{
@@ -277,7 +579,8 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
* for now.
*/
uint32_t ism_word0 = cpu_to_be32(DIAG_320_ISM_QUERY_SUBCODES |
- DIAG_320_ISM_QUERY_VCSI);
+ DIAG_320_ISM_QUERY_VCSI |
+ DIAG_320_ISM_STORE_VC);
if (s390_cpu_virt_mem_write(cpu, addr, r1, &ism_word0, sizeof(ism_word0))) {
s390_cpu_virt_mem_handle_exc(cpu, ra);
@@ -303,6 +606,18 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
}
env->regs[r1 + 1] = rc;
break;
+ case DIAG_320_SUBC_STORE_VC:
+ if (addr & ~TARGET_PAGE_MASK) {
+ s390_program_interrupt(env, PGM_SPECIFICATION, ra);
+ return;
+ }
+
+ rc = handle_diag320_store_vc(cpu, addr, r1, ra, cs);
+ if (rc == -1) {
+ return;
+ }
+ env->regs[r1 + 1] = rc;
+ break;
default:
env->regs[r1 + 1] = DIAG_320_RC_NOT_SUPPORTED;
break;
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 09/35] s390x/diag: Implement DIAG 320 subcode 2
2026-07-01 20:48 ` [PATCH v12 09/35] s390x/diag: Implement " Zhuoying Cai
@ 2026-07-01 23:29 ` Matthew Rosato
2026-07-02 3:41 ` Eric Farman
1 sibling, 0 replies; 71+ messages in thread
From: Matthew Rosato @ 2026-07-01 23:29 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:48 PM, Zhuoying Cai wrote:
> +static int handle_diag320_store_vc(S390CPU *cpu, uint64_t addr, uint64_t r1, uintptr_t ra,
> + S390IPLCertificateStore *cs)
...
> + g_autofree VCEntry *vce = g_malloc0(vce_max_len);
You are allocating with g_autofree here..
> +
> + /*
> + * Bit 0 of the VCE flags indicates whether the certificate is valid.
> + * The caller of DIAG320 subcode 2 is responsible for verifying that
> + * the VCE contains a valid certificate.
> + */
> + if (build_vce_header(vce, cert, i) || build_vce_data(vce, cert, vce_max_len)) {
> + /*
> + * Error occurs - VCE does not contain a valid certificate.
> + * Bit 0 of the VCE flags is 0 and the VCE length is set.
> + */
> + vce->vce_hdr.len = cpu_to_be32(VCE_INVALID_LEN);
> + }
> + vce_len = be32_to_cpu(vce->vce_hdr.len);
> +
> + /*
> + * If there is no more space to store the cert,
> + * set the remaining verification cert count and
> + * break early.
> + */
> + if (remaining_space < vce_len) {
> + vcb_hdr->remain_ct = cpu_to_be16(last_vc_index - i);
> + break;
> + }
> +
> + /* Write VCE */
> + if (s390_cpu_virt_mem_write(cpu, addr + vcb_hdr->out_len, r1, vce, vce_len)) {
> + s390_cpu_virt_mem_handle_exc(cpu, ra);
> + g_free(vce);
... But using g_free() here.
^ permalink raw reply [flat|nested] 71+ messages in thread* Re: [PATCH v12 09/35] s390x/diag: Implement DIAG 320 subcode 2
2026-07-01 20:48 ` [PATCH v12 09/35] s390x/diag: Implement " Zhuoying Cai
2026-07-01 23:29 ` Matthew Rosato
@ 2026-07-02 3:41 ` Eric Farman
1 sibling, 0 replies; 71+ messages in thread
From: Eric Farman @ 2026-07-02 3:41 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On Wed, 2026-07-01 at 16:48 -0400, Zhuoying Cai wrote:
> DIAG 320 subcode 2 provides verification-certificates (VCs) that are in the
> certificate store. Only X509 certificates in DER format and SHA-256 hash
> type are recognized.
>
> The subcode value is denoted by setting the second-left-most bit
> of an 8-byte field.
>
> The Verification Certificate Block (VCB) contains the output data
> when the operation completes successfully. It includes a common
> header followed by zero or more Verification Certificate Entries (VCEs),
> depending on the VCB input length and the VC range (from the first VC
> index to the last VC index) in the certificate store.
>
> Each VCE contains information about a certificate retrieved from
> the S390IPLCertificateStore, such as the certificate name, key type,
> key ID length, hash length, and the raw certificate data.
> The key ID and hash are extracted from the raw certificate by the crypto API.
>
> Note: SHA2-256 VC hash type is required for retrieving the hash
> (fingerprint) of the certificate.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> docs/specs/s390x-secure-ipl.rst | 24 +++
> include/hw/s390x/ipl/diag320.h | 38 ++++
> target/s390x/diag.c | 317 +++++++++++++++++++++++++++++++-
> 3 files changed, 378 insertions(+), 1 deletion(-)
Besides the g_free() that Matt mentioned, the comments I would have for this are purely style-
related. So,
Reviewed-by: Eric Farman <farman@linux.ibm.com>
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 10/35] hw/s390x: Define finite size for single entry VCEntry
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (8 preceding siblings ...)
2026-07-01 20:48 ` [PATCH v12 09/35] s390x/diag: Implement " Zhuoying Cai
@ 2026-07-01 20:48 ` Zhuoying Cai
2026-07-02 1:02 ` Matthew Rosato
2026-07-01 20:48 ` [PATCH v12 11/35] s390x/diag: Introduce DIAG 508 for secure IPL operations Zhuoying Cai
` (24 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:48 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Define MAX_VCENTRY_SIZE(8KB) and CERT_BUF_MAX_LEN to establish a finite
size for a single entry VCEntry. Add validation in update_cert_store()
to ensure certificate data does not exceed this limit.
This finite size definition is needed for proper memory allocation and
will be used in a later commit to handle VCEntry structures with known
size constraints.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
hw/s390x/cert-store.c | 6 ++++++
include/hw/s390x/ipl/diag320.h | 3 +++
2 files changed, 9 insertions(+)
diff --git a/hw/s390x/cert-store.c b/hw/s390x/cert-store.c
index ab3abf414b..08c38d18df 100644
--- a/hw/s390x/cert-store.c
+++ b/hw/s390x/cert-store.c
@@ -86,6 +86,12 @@ static int update_cert_store(S390IPLCertificateStore *cert_store,
cert_buf_size = ROUND_UP(cert->der_size, 4);
data_buf_size = keyid_buf_size + hash_buf_size + cert_buf_size;
+ if (data_buf_size > CERT_BUF_MAX_LEN) {
+ error_report("Certificate data size %zu exceeds maximum buffer size %ld",
+ data_buf_size, CERT_BUF_MAX_LEN);
+ return -1;
+ }
+
if (cert_store->largest_cert_size < data_buf_size) {
cert_store->largest_cert_size = data_buf_size;
}
diff --git a/include/hw/s390x/ipl/diag320.h b/include/hw/s390x/ipl/diag320.h
index 7fda2d44fd..f3c23a3176 100644
--- a/include/hw/s390x/ipl/diag320.h
+++ b/include/hw/s390x/ipl/diag320.h
@@ -92,6 +92,9 @@ struct VCEntry {
};
typedef struct VCEntry VCEntry;
+#define MAX_VCENTRY_SIZE (8 * 1024)
+#define CERT_BUF_MAX_LEN (MAX_VCENTRY_SIZE - sizeof(VCEntryHeader))
+
struct VCBlockHeader {
uint32_t in_len;
uint32_t reserved0;
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 10/35] hw/s390x: Define finite size for single entry VCEntry
2026-07-01 20:48 ` [PATCH v12 10/35] hw/s390x: Define finite size for single entry VCEntry Zhuoying Cai
@ 2026-07-02 1:02 ` Matthew Rosato
2026-07-02 3:54 ` Eric Farman
0 siblings, 1 reply; 71+ messages in thread
From: Matthew Rosato @ 2026-07-02 1:02 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:48 PM, Zhuoying Cai wrote:
> Define MAX_VCENTRY_SIZE(8KB) and CERT_BUF_MAX_LEN to establish a finite
> size for a single entry VCEntry. Add validation in update_cert_store()
> to ensure certificate data does not exceed this limit.
>
> This finite size definition is needed for proper memory allocation and
> will be used in a later commit to handle VCEntry structures with known
> size constraints.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> hw/s390x/cert-store.c | 6 ++++++
> include/hw/s390x/ipl/diag320.h | 3 +++
> 2 files changed, 9 insertions(+)
>
> diff --git a/hw/s390x/cert-store.c b/hw/s390x/cert-store.c
> index ab3abf414b..08c38d18df 100644
> --- a/hw/s390x/cert-store.c
> +++ b/hw/s390x/cert-store.c
> @@ -86,6 +86,12 @@ static int update_cert_store(S390IPLCertificateStore *cert_store,
> cert_buf_size = ROUND_UP(cert->der_size, 4);
> data_buf_size = keyid_buf_size + hash_buf_size + cert_buf_size;
>
> + if (data_buf_size > CERT_BUF_MAX_LEN) {
> + error_report("Certificate data size %zu exceeds maximum buffer size %ld",
> + data_buf_size, CERT_BUF_MAX_LEN);
> + return -1;
> + }
> +
Took me a minute to realize why this needed to be its own patch vs
squashed in with hw/s390x/ipl: Create certificate store, because it
seems kind of like a fix? ...
> if (cert_store->largest_cert_size < data_buf_size) {
> cert_store->largest_cert_size = data_buf_size;
> }
> diff --git a/include/hw/s390x/ipl/diag320.h b/include/hw/s390x/ipl/diag320.h
> index 7fda2d44fd..f3c23a3176 100644
> --- a/include/hw/s390x/ipl/diag320.h
> +++ b/include/hw/s390x/ipl/diag320.h
> @@ -92,6 +92,9 @@ struct VCEntry {
> };
> typedef struct VCEntry VCEntry;
>
> +#define MAX_VCENTRY_SIZE (8 * 1024)
> +#define CERT_BUF_MAX_LEN (MAX_VCENTRY_SIZE - sizeof(VCEntryHeader))
> +
... it's because of VCEntryHeader. Would it be possible to instead pull
this code, the VCEntryHeader definition and CERT_NAME_MAX_LEN back
to 'hw/s390x/ipl: Create certificate store' so that we can detect
this condition right from the beginning?
Otherwise, the code itself seems fine so if it can't be squashed then:
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
> struct VCBlockHeader {
> uint32_t in_len;
> uint32_t reserved0;
^ permalink raw reply [flat|nested] 71+ messages in thread* Re: [PATCH v12 10/35] hw/s390x: Define finite size for single entry VCEntry
2026-07-02 1:02 ` Matthew Rosato
@ 2026-07-02 3:54 ` Eric Farman
0 siblings, 0 replies; 71+ messages in thread
From: Eric Farman @ 2026-07-02 3:54 UTC (permalink / raw)
To: Matthew Rosato, Zhuoying Cai, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On Wed, 2026-07-01 at 21:02 -0400, Matthew Rosato wrote:
> On 7/1/26 4:48 PM, Zhuoying Cai wrote:
> > Define MAX_VCENTRY_SIZE(8KB) and CERT_BUF_MAX_LEN to establish a finite
> > size for a single entry VCEntry. Add validation in update_cert_store()
> > to ensure certificate data does not exceed this limit.
> >
> > This finite size definition is needed for proper memory allocation and
> > will be used in a later commit to handle VCEntry structures with known
> > size constraints.
> >
> > Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> > ---
> > hw/s390x/cert-store.c | 6 ++++++
> > include/hw/s390x/ipl/diag320.h | 3 +++
> > 2 files changed, 9 insertions(+)
> >
> > diff --git a/hw/s390x/cert-store.c b/hw/s390x/cert-store.c
> > index ab3abf414b..08c38d18df 100644
> > --- a/hw/s390x/cert-store.c
> > +++ b/hw/s390x/cert-store.c
> > @@ -86,6 +86,12 @@ static int update_cert_store(S390IPLCertificateStore *cert_store,
> > cert_buf_size = ROUND_UP(cert->der_size, 4);
> > data_buf_size = keyid_buf_size + hash_buf_size + cert_buf_size;
> >
> > + if (data_buf_size > CERT_BUF_MAX_LEN) {
> > + error_report("Certificate data size %zu exceeds maximum buffer size %ld",
> > + data_buf_size, CERT_BUF_MAX_LEN);
> > + return -1;
> > + }
> > +
>
> Took me a minute to realize why this needed to be its own patch vs
> squashed in with hw/s390x/ipl: Create certificate store, because it
> seems kind of like a fix? ...
>
> > if (cert_store->largest_cert_size < data_buf_size) {
> > cert_store->largest_cert_size = data_buf_size;
> > }
> > diff --git a/include/hw/s390x/ipl/diag320.h b/include/hw/s390x/ipl/diag320.h
> > index 7fda2d44fd..f3c23a3176 100644
> > --- a/include/hw/s390x/ipl/diag320.h
> > +++ b/include/hw/s390x/ipl/diag320.h
> > @@ -92,6 +92,9 @@ struct VCEntry {
> > };
> > typedef struct VCEntry VCEntry;
> >
> > +#define MAX_VCENTRY_SIZE (8 * 1024)
> > +#define CERT_BUF_MAX_LEN (MAX_VCENTRY_SIZE - sizeof(VCEntryHeader))
> > +
>
> ... it's because of VCEntryHeader. Would it be possible to instead pull
> this code, the VCEntryHeader definition and CERT_NAME_MAX_LEN back
> to 'hw/s390x/ipl: Create certificate store' so that we can detect
> this condition right from the beginning?
+1
>
> Otherwise, the code itself seems fine so if it can't be squashed then:
>
> Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
But I also agree it's fine.
Reviewed-by: Eric Farman <farman@linux.ibm.com>
>
>
> > struct VCBlockHeader {
> > uint32_t in_len;
> > uint32_t reserved0;
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 11/35] s390x/diag: Introduce DIAG 508 for secure IPL operations
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (9 preceding siblings ...)
2026-07-01 20:48 ` [PATCH v12 10/35] hw/s390x: Define finite size for single entry VCEntry Zhuoying Cai
@ 2026-07-01 20:48 ` Zhuoying Cai
2026-07-01 20:48 ` [PATCH v12 12/35] crypto/x509-utils: Add helper functions for DIAG 508 subcode 1 Zhuoying Cai
` (23 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:48 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
From: Collin Walling <walling@linux.ibm.com>
In order to support secure IPL (aka secure boot) for the s390-ccw BIOS,
a new s390 DIAGNOSE instruction is introduced to leverage QEMU for
handling operations such as signature verification and certificate
retrieval.
Currently, only subcode 0 is supported with this patch, which is used to
query a bitmap of which subcodes are supported.
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
docs/specs/s390x-secure-ipl.rst | 18 ++++++++++++++++++
include/hw/s390x/ipl/diag508.h | 15 +++++++++++++++
target/s390x/diag.c | 27 +++++++++++++++++++++++++++
target/s390x/kvm/kvm.c | 14 ++++++++++++++
target/s390x/s390x-internal.h | 2 ++
target/s390x/tcg/misc_helper.c | 7 +++++++
6 files changed, 83 insertions(+)
create mode 100644 include/hw/s390x/ipl/diag508.h
diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
index a17bb0ab55..2198805b47 100644
--- a/docs/specs/s390x-secure-ipl.rst
+++ b/docs/specs/s390x-secure-ipl.rst
@@ -66,3 +66,21 @@ Subcode 2 - store verification certificates
contiguously in a VCE (with zero-padding). Following the header, the
key-id is immediately stored. The hash and certificate data follow and
may be accessed via the respective offset fields stored in the VCE.
+
+
+Secure IPL Data Structures, Facilities, and Functions
+-----------------------------------------------------
+
+DIAGNOSE function code 'X'508' - IPL extensions
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+DIAGNOSE 'X'508' is reserved for guest use in order to facilitate communication
+of additional IPL operations that cannot be handled by guest code, such as
+signature verification for secure IPL.
+
+If the function code specifies 0x508, IPL extension functions are performed.
+These functions are meant to provide extended functionality for s390 guest boot
+that requires assistance from QEMU.
+
+Subcode 0 - query installed subcodes
+ Returns a 64-bit mask indicating which subcodes are supported.
diff --git a/include/hw/s390x/ipl/diag508.h b/include/hw/s390x/ipl/diag508.h
new file mode 100644
index 0000000000..6281ad8299
--- /dev/null
+++ b/include/hw/s390x/ipl/diag508.h
@@ -0,0 +1,15 @@
+/*
+ * S/390 DIAGNOSE 508 definitions and structures
+ *
+ * Copyright 2025 IBM Corp.
+ * Author(s): Collin Walling <walling@linux.ibm.com>
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef S390X_DIAG508_H
+#define S390X_DIAG508_H
+
+#define DIAG_508_SUBC_QUERY_SUBC 0x0000
+
+#endif
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 42e3f20067..f07d39ab07 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -20,6 +20,7 @@
#include "hw/s390x/cert-store.h"
#include "hw/s390x/ipl.h"
#include "hw/s390x/ipl/diag320.h"
+#include "hw/s390x/ipl/diag508.h"
#include "hw/s390x/s390-virtio-ccw.h"
#include "system/kvm.h"
#include "kvm/kvm_s390x.h"
@@ -623,3 +624,29 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
break;
}
}
+
+void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
+{
+ uint64_t subcode = env->regs[r3];
+ int rc;
+
+ if (env->psw.mask & PSW_MASK_PSTATE) {
+ s390_program_interrupt(env, PGM_PRIVILEGED, ra);
+ return;
+ }
+
+ if ((subcode & ~0x0ffffULL) || (r1 & 1)) {
+ s390_program_interrupt(env, PGM_SPECIFICATION, ra);
+ return;
+ }
+
+ switch (subcode) {
+ case DIAG_508_SUBC_QUERY_SUBC:
+ rc = 0;
+ break;
+ default:
+ s390_program_interrupt(env, PGM_SPECIFICATION, ra);
+ return;
+ }
+ env->regs[r1 + 1] = rc;
+}
diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
index 138b5b9c67..56795837f5 100644
--- a/target/s390x/kvm/kvm.c
+++ b/target/s390x/kvm/kvm.c
@@ -102,6 +102,7 @@
#define DIAG_CERT_STORE 0x320
#define DIAG_KVM_HYPERCALL 0x500
#define DIAG_KVM_BREAKPOINT 0x501
+#define DIAG_SECURE_IPL 0x508
#define ICPT_INSTRUCTION 0x04
#define ICPT_PROGRAM 0x08
@@ -1542,6 +1543,16 @@ static void kvm_handle_diag_320(S390CPU *cpu, struct kvm_run *run)
handle_diag_320(&cpu->env, r1, r3, RA_IGNORED);
}
+static void kvm_handle_diag_508(S390CPU *cpu, struct kvm_run *run)
+{
+ uint64_t r1, r3;
+
+ r1 = (run->s390_sieic.ipa & 0x00f0) >> 4;
+ r3 = run->s390_sieic.ipa & 0x000f;
+
+ handle_diag_508(&cpu->env, r1, r3, RA_IGNORED);
+}
+
#define DIAG_KVM_CODE_MASK 0x000000000000ffff
static int handle_diag(S390CPU *cpu, struct kvm_run *run, uint32_t ipb)
@@ -1575,6 +1586,9 @@ static int handle_diag(S390CPU *cpu, struct kvm_run *run, uint32_t ipb)
case DIAG_CERT_STORE:
kvm_handle_diag_320(cpu, run);
break;
+ case DIAG_SECURE_IPL:
+ kvm_handle_diag_508(cpu, run);
+ break;
default:
trace_kvm_insn_diag(func_code);
kvm_s390_program_interrupt(cpu, PGM_SPECIFICATION);
diff --git a/target/s390x/s390x-internal.h b/target/s390x/s390x-internal.h
index 1945bdf40c..81da207a5f 100644
--- a/target/s390x/s390x-internal.h
+++ b/target/s390x/s390x-internal.h
@@ -390,6 +390,8 @@ bool handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3,
uintptr_t ra);
void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3,
uintptr_t ra);
+void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3,
+ uintptr_t ra);
/* translate.c */
diff --git a/target/s390x/tcg/misc_helper.c b/target/s390x/tcg/misc_helper.c
index 403388145e..f1c8563af0 100644
--- a/target/s390x/tcg/misc_helper.c
+++ b/target/s390x/tcg/misc_helper.c
@@ -154,6 +154,13 @@ void HELPER(diag)(CPUS390XState *env, uint32_t r1, uint32_t r3, uint32_t num)
bql_unlock();
r = 0;
break;
+ case 0x508:
+ /* secure ipl operations */
+ bql_lock();
+ handle_diag_508(env, r1, r3, GETPC());
+ bql_unlock();
+ r = 0;
+ break;
default:
r = -1;
break;
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 12/35] crypto/x509-utils: Add helper functions for DIAG 508 subcode 1
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (10 preceding siblings ...)
2026-07-01 20:48 ` [PATCH v12 11/35] s390x/diag: Introduce DIAG 508 for secure IPL operations Zhuoying Cai
@ 2026-07-01 20:48 ` Zhuoying Cai
2026-07-01 20:48 ` [PATCH v12 13/35] s390x/diag: generalize s390_ipl_read/write to accept void * Zhuoying Cai
` (22 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:48 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Introduce helper functions to support signature verification required by
DIAG 508 subcode 1:
qcrypto_pkcs7_convert_sig_pem() – converts a signature from DER to PEM format
qcrypto_x509_verify_sig() – verifies the provided data against the given signature
These functions enable basic signature verification support.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Farhan Ali<alifm@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
crypto/x509-utils.c | 108 ++++++++++++++++++++++++++++++++++++
include/crypto/x509-utils.h | 41 ++++++++++++++
2 files changed, 149 insertions(+)
diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c
index d0e0384e9c..b23a5f0979 100644
--- a/crypto/x509-utils.c
+++ b/crypto/x509-utils.c
@@ -16,6 +16,7 @@
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#include <gnutls/x509.h>
+#include <gnutls/pkcs7.h>
static const int qcrypto_to_gnutls_hash_alg_map[QCRYPTO_HASH_ALGO__MAX] = {
[QCRYPTO_HASH_ALGO_MD5] = GNUTLS_DIG_MD5,
@@ -335,6 +336,96 @@ int qcrypto_x509_check_ecc_curve_p521(uint8_t *cert, size_t size, Error **errp)
return curve_id == GNUTLS_ECC_CURVE_SECP521R1;
}
+int qcrypto_pkcs7_convert_sig_pem(uint8_t *sig, size_t sig_size,
+ uint8_t **result, size_t *resultlen,
+ Error **errp)
+{
+ int ret = -1;
+ int rc;
+ gnutls_pkcs7_t signature;
+ gnutls_datum_t sig_datum_der = {.data = sig, .size = sig_size};
+ gnutls_datum_t sig_datum_pem = {.data = NULL, .size = 0};
+
+ rc = gnutls_pkcs7_init(&signature);
+ if (rc < 0) {
+ error_setg(errp, "Failed to initialize pkcs7 data: %s", gnutls_strerror(rc));
+ return ret;
+ }
+
+ rc = gnutls_pkcs7_import(signature, &sig_datum_der, GNUTLS_X509_FMT_DER);
+ if (rc != 0) {
+ error_setg(errp, "Failed to import signature: %s", gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ rc = gnutls_pkcs7_export2(signature, GNUTLS_X509_FMT_PEM, &sig_datum_pem);
+ if (rc != 0) {
+ error_setg(errp, "Failed to convert signature to PEM format: %s",
+ gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ *resultlen = sig_datum_pem.size;
+ *result = g_memdup2(sig_datum_pem.data, sig_datum_pem.size);
+
+ ret = 0;
+
+cleanup:
+ gnutls_pkcs7_deinit(signature);
+ g_free(sig_datum_pem.data);
+ return ret;
+}
+
+int qcrypto_x509_verify_sig(uint8_t *cert, size_t cert_size,
+ uint8_t *comp, size_t comp_size,
+ uint8_t *sig, size_t sig_size, Error **errp)
+{
+ int rc;
+ int ret = -1;
+ gnutls_x509_crt_t crt = NULL;
+ gnutls_pkcs7_t signature = NULL;
+ gnutls_datum_t cert_datum = {.data = cert, .size = cert_size};
+ gnutls_datum_t data_datum = {.data = comp, .size = comp_size};
+ gnutls_datum_t sig_datum = {.data = sig, .size = sig_size};
+
+ rc = gnutls_x509_crt_init(&crt);
+ if (rc < 0) {
+ error_setg(errp, "Failed to initialize certificate: %s", gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ rc = gnutls_x509_crt_import(crt, &cert_datum, GNUTLS_X509_FMT_PEM);
+ if (rc != 0) {
+ error_setg(errp, "Failed to import certificate: %s", gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ rc = gnutls_pkcs7_init(&signature);
+ if (rc < 0) {
+ error_setg(errp, "Failed to initialize pkcs7 data: %s", gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ rc = gnutls_pkcs7_import(signature, &sig_datum , GNUTLS_X509_FMT_PEM);
+ if (rc != 0) {
+ error_setg(errp, "Failed to import signature: %s", gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ rc = gnutls_pkcs7_verify_direct(signature, crt, 0, &data_datum, 0);
+ if (rc != 0) {
+ error_setg(errp, "Failed to verify signature: %s", gnutls_strerror(rc));
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ gnutls_x509_crt_deinit(crt);
+ gnutls_pkcs7_deinit(signature);
+ return ret;
+}
+
#else /* ! CONFIG_GNUTLS */
int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
@@ -378,4 +469,21 @@ int qcrypto_x509_check_ecc_curve_p521(uint8_t *cert, size_t size, Error **errp)
return -1;
}
+int qcrypto_pkcs7_convert_sig_pem(uint8_t *sig, size_t sig_size,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp)
+{
+ error_setg(errp, "GNUTLS is required to export pkcs7 signature");
+ return -1;
+}
+
+int qcrypto_x509_verify_sig(uint8_t *cert, size_t cert_size,
+ uint8_t *comp, size_t comp_size,
+ uint8_t *sig, size_t sig_size, Error **errp)
+{
+ error_setg(errp, "GNUTLS is required for signature-verification support");
+ return -1;
+}
+
#endif /* ! CONFIG_GNUTLS */
diff --git a/include/crypto/x509-utils.h b/include/crypto/x509-utils.h
index fcace73c49..c256d7bfad 100644
--- a/include/crypto/x509-utils.h
+++ b/include/crypto/x509-utils.h
@@ -91,4 +91,45 @@ int qcrypto_x509_get_cert_key_id(uint8_t *cert, size_t size,
*/
int qcrypto_x509_check_ecc_curve_p521(uint8_t *cert, size_t size, Error **errp);
+/**
+ * qcrypto_pkcs7_convert_sig_pem
+ * @sig: pointer to the PKCS#7 signature in DER format
+ * @sig_size: size of the signature
+ * @result: output location for the allocated buffer for the signature in
+ * PEM format
+ * (the function allocates memory which must be freed by the caller)
+ * @resultlen: pointer to the size of the buffer
+ * (will be updated with the actual size of the PEM-encoded
+ * signature)
+ * @errp: error pointer
+ *
+ * Convert given PKCS#7 @sig from DER to PEM format.
+ *
+ * Returns: 0 if PEM-encoded signature was successfully stored in @result,
+ * -1 on error.
+ */
+int qcrypto_pkcs7_convert_sig_pem(uint8_t *sig, size_t sig_size,
+ uint8_t **result,
+ size_t *resultlen,
+ Error **errp);
+
+/**
+ * qcrypto_x509_verify_sig
+ * @cert: pointer to the raw certificate data
+ * @cert_size: size of the certificate
+ * @comp: pointer to the component to be verified
+ * @comp_size: size of the component
+ * @sig: pointer to the signature
+ * @sig_size: size of the signature
+ * @errp: error pointer
+ *
+ * Verify the provided @comp against the @sig and @cert.
+ *
+ * Returns: 0 on success,
+ * -1 on error.
+ */
+int qcrypto_x509_verify_sig(uint8_t *cert, size_t cert_size,
+ uint8_t *comp, size_t comp_size,
+ uint8_t *sig, size_t sig_size, Error **errp);
+
#endif
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 13/35] s390x/diag: generalize s390_ipl_read/write to accept void *
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (11 preceding siblings ...)
2026-07-01 20:48 ` [PATCH v12 12/35] crypto/x509-utils: Add helper functions for DIAG 508 subcode 1 Zhuoying Cai
@ 2026-07-01 20:48 ` Zhuoying Cai
2026-07-02 1:30 ` Jared Rossi
2026-07-01 20:49 ` [PATCH v12 14/35] s390x/diag: Implement DIAG 508 subcode 1 for signature verification Zhuoying Cai
` (21 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:48 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Change the data parameter of s390_ipl_read() and s390_ipl_write()
from IplParameterBlock * to void *, so the helpers can be reused
beyond DIAG 308.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
target/s390x/diag.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index f07d39ab07..aad2e8c6bc 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -83,24 +83,24 @@ static int diag308_parm_check(CPUS390XState *env, uint64_t r1, uint64_t addr,
}
static void s390_ipl_read(CPUS390XState *env, uint64_t addr,
- IplParameterBlock *iplb, size_t size)
+ void *data, size_t size)
{
if (s390_is_pv()) {
- s390_cpu_pv_mem_read(env_archcpu(env), 0, iplb, size);
+ s390_cpu_pv_mem_read(env_archcpu(env), 0, data, size);
} else {
address_space_read(cpu_get_address_space(env_cpu(env), 0), addr,
- MEMTXATTRS_UNSPECIFIED, iplb, size);
+ MEMTXATTRS_UNSPECIFIED, data, size);
}
}
static void s390_ipl_write(CPUS390XState *env, uint64_t addr,
- IplParameterBlock *iplb, size_t size)
+ void *data, size_t size)
{
if (s390_is_pv()) {
- s390_cpu_pv_mem_write(env_archcpu(env), 0, iplb, size);
+ s390_cpu_pv_mem_write(env_archcpu(env), 0, data, size);
} else {
address_space_write(cpu_get_address_space(env_cpu(env), 0), addr,
- MEMTXATTRS_UNSPECIFIED, iplb, size);
+ MEMTXATTRS_UNSPECIFIED, data, size);
}
}
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 13/35] s390x/diag: generalize s390_ipl_read/write to accept void *
2026-07-01 20:48 ` [PATCH v12 13/35] s390x/diag: generalize s390_ipl_read/write to accept void * Zhuoying Cai
@ 2026-07-02 1:30 ` Jared Rossi
0 siblings, 0 replies; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 1:30 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:48 PM, Zhuoying Cai wrote:
> Change the data parameter of s390_ipl_read() and s390_ipl_write()
> from IplParameterBlock * to void *, so the helpers can be reused
> beyond DIAG 308.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> target/s390x/diag.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/target/s390x/diag.c b/target/s390x/diag.c
> index f07d39ab07..aad2e8c6bc 100644
> --- a/target/s390x/diag.c
> +++ b/target/s390x/diag.c
> @@ -83,24 +83,24 @@ static int diag308_parm_check(CPUS390XState *env, uint64_t r1, uint64_t addr,
> }
>
> static void s390_ipl_read(CPUS390XState *env, uint64_t addr,
> - IplParameterBlock *iplb, size_t size)
> + void *data, size_t size)
> {
> if (s390_is_pv()) {
> - s390_cpu_pv_mem_read(env_archcpu(env), 0, iplb, size);
> + s390_cpu_pv_mem_read(env_archcpu(env), 0, data, size);
> } else {
> address_space_read(cpu_get_address_space(env_cpu(env), 0), addr,
> - MEMTXATTRS_UNSPECIFIED, iplb, size);
> + MEMTXATTRS_UNSPECIFIED, data, size);
> }
> }
>
> static void s390_ipl_write(CPUS390XState *env, uint64_t addr,
> - IplParameterBlock *iplb, size_t size)
> + void *data, size_t size)
> {
> if (s390_is_pv()) {
> - s390_cpu_pv_mem_write(env_archcpu(env), 0, iplb, size);
> + s390_cpu_pv_mem_write(env_archcpu(env), 0, data, size);
> } else {
> address_space_write(cpu_get_address_space(env_cpu(env), 0), addr,
> - MEMTXATTRS_UNSPECIFIED, iplb, size);
> + MEMTXATTRS_UNSPECIFIED, data, size);
> }
> }
>
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 14/35] s390x/diag: Implement DIAG 508 subcode 1 for signature verification
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (12 preceding siblings ...)
2026-07-01 20:48 ` [PATCH v12 13/35] s390x/diag: generalize s390_ipl_read/write to accept void * Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-01 20:49 ` [PATCH v12 15/35] s390x/ipl: Introduce IPL Information Report Block (IIRB) Zhuoying Cai
` (20 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
From: Collin Walling <walling@linux.ibm.com>
DIAG 508 subcode 1 performs signature-verification on signed components.
A signed component may be a Linux kernel image, or any other signed
binary. **Verification of initrd is not supported.**
The instruction call expects two item-pairs: an address of a device
component, an address of the analogous signature file (in PKCS#7 DER format),
and their respective lengths. All of this data should be encapsulated
within a Diag508SigVerifBlock.
The DIAG handler will read from the provided addresses
to retrieve the necessary data, parse the signature file, then
perform the signature-verification. Because there is no way to
correlate a specific certificate to a component, each certificate
in the store is tried until either verification succeeds, or all
certs have been exhausted.
A return code of 1 indicates success, and the index and length of the
corresponding certificate will be set in the Diag508SigVerifBlock.
The following values indicate failure:
0x0102: no certificates are available in the store
0x0202: component data is invalid
0x0302: PKCS#7 format signature is invalid
0x0402: signature-verification failed
0x0502: length of Diag508SigVerifBlock is invalid
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Farhan Ali<alifm@linux.ibm.com>
---
docs/specs/s390x-secure-ipl.rst | 17 +++++
include/hw/s390x/ipl/diag508.h | 30 +++++++++
target/s390x/diag.c | 111 +++++++++++++++++++++++++++++++-
3 files changed, 157 insertions(+), 1 deletion(-)
diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
index 2198805b47..a8be863548 100644
--- a/docs/specs/s390x-secure-ipl.rst
+++ b/docs/specs/s390x-secure-ipl.rst
@@ -84,3 +84,20 @@ that requires assistance from QEMU.
Subcode 0 - query installed subcodes
Returns a 64-bit mask indicating which subcodes are supported.
+
+Subcode 1 - perform signature verification
+ Perform signature-verification on a signed component, using certificates
+ from the certificate store and leveraging qcrypto libraries to perform
+ this operation.
+
+ Note: verification of initrd is not supported.
+
+ A return code of 1 indicates success, and the index and length of the
+ corresponding certificate will be set in the Diag508SigVerifBlock.
+ The following values indicate failure:
+
+ * ``0x0102``: no certificates are available in the store
+ * ``0x0202``: component data is invalid
+ * ``0x0302``: PKCS#7 format signature is invalid
+ * ``0x0402``: signature-verification failed
+ * ``0x0502``: length of Diag508SigVerifBlock is invalid
diff --git a/include/hw/s390x/ipl/diag508.h b/include/hw/s390x/ipl/diag508.h
index 6281ad8299..8a147f32a0 100644
--- a/include/hw/s390x/ipl/diag508.h
+++ b/include/hw/s390x/ipl/diag508.h
@@ -11,5 +11,35 @@
#define S390X_DIAG508_H
#define DIAG_508_SUBC_QUERY_SUBC 0x0000
+#define DIAG_508_SUBC_SIG_VERIF 0x8000
+
+#define DIAG_508_RC_OK 0x0001
+#define DIAG_508_RC_NO_CERTS 0x0102
+#define DIAG_508_RC_INVAL_COMP_DATA 0x0202
+#define DIAG_508_RC_INVAL_PKCS7_SIG 0x0302
+#define DIAG_508_RC_FAIL_VERIF 0x0402
+#define DIAG_508_RC_INVAL_LEN 0x0502
+
+/*
+ * Maximum componenet and signature sizes for current secure boot implementation
+ * Not architecturally defined and may need to revisit if increased
+ */
+#define DIAG_508_MAX_COMP_LEN 0x10000000
+#define DIAG_508_MAX_SIG_LEN 4096
+
+struct Diag508SigVerifBlock {
+ uint32_t length;
+ uint8_t reserved0[3];
+ uint8_t version;
+ uint32_t reserved[2];
+ uint8_t cert_store_index;
+ uint8_t reserved1[7];
+ uint64_t cert_len;
+ uint64_t comp_len;
+ uint64_t comp_addr;
+ uint64_t sig_len;
+ uint64_t sig_addr;
+};
+typedef struct Diag508SigVerifBlock Diag508SigVerifBlock;
#endif
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index aad2e8c6bc..6c855db783 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -625,9 +625,110 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
}
}
+static bool diag_508_verify_sig(uint8_t *cert, size_t cert_size,
+ uint8_t *comp, size_t comp_size,
+ uint8_t *sig, size_t sig_size)
+{
+ g_autofree uint8_t *sig_pem = NULL;
+ size_t sig_size_pem;
+ int rc;
+
+ /*
+ * PKCS#7 signature with DER format
+ * Convert to PEM format for signature verification
+ *
+ * Ignore errors during qcrypto signature format conversion and verification
+ * Return false on any error, treating it as a verification failure
+ */
+ rc = qcrypto_pkcs7_convert_sig_pem(sig, sig_size, &sig_pem, &sig_size_pem, NULL);
+ if (rc < 0) {
+ return false;
+ }
+
+ rc = qcrypto_x509_verify_sig(cert, cert_size,
+ comp, comp_size,
+ sig_pem, sig_size_pem, NULL);
+ if (rc < 0) {
+ return false;
+ }
+
+ return true;
+}
+
+static int handle_diag508_sig_verif(CPUS390XState *env, uint64_t addr)
+{
+ int verified;
+ uint32_t svb_len;
+ uint64_t comp_len, comp_addr;
+ uint64_t sig_len, sig_addr;
+ g_autofree uint8_t *comp = NULL;
+ g_autofree uint8_t *sig = NULL;
+ g_autofree Diag508SigVerifBlock *svb = NULL;
+ size_t svb_size = sizeof(Diag508SigVerifBlock);
+ S390IPLCertificateStore *cs = s390_ipl_get_certificate_store();
+
+ if (!cs->count) {
+ return DIAG_508_RC_NO_CERTS;
+ }
+
+ svb = g_new0(Diag508SigVerifBlock, 1);
+ s390_ipl_read(env, addr, svb, svb_size);
+
+ svb_len = be32_to_cpu(svb->length);
+ if (svb_len != svb_size) {
+ return DIAG_508_RC_INVAL_LEN;
+ }
+
+ comp_len = be64_to_cpu(svb->comp_len);
+ comp_addr = be64_to_cpu(svb->comp_addr);
+ sig_len = be64_to_cpu(svb->sig_len);
+ sig_addr = be64_to_cpu(svb->sig_addr);
+
+ if (!comp_len || !comp_addr || comp_len > DIAG_508_MAX_COMP_LEN) {
+ if (comp_len > DIAG_508_MAX_COMP_LEN) {
+ warn_report("DIAG 0x508: component length %lu exceeds current maximum %u",
+ comp_len, DIAG_508_MAX_COMP_LEN);
+ }
+ return DIAG_508_RC_INVAL_COMP_DATA;
+ }
+
+ if (!sig_len || !sig_addr || sig_len > DIAG_508_MAX_SIG_LEN) {
+ if (sig_len > DIAG_508_MAX_SIG_LEN) {
+ warn_report("DIAG 0x508: signature length %lu exceeds current maximum %u",
+ sig_len, DIAG_508_MAX_SIG_LEN);
+ }
+ return DIAG_508_RC_INVAL_PKCS7_SIG;
+ }
+
+ comp = g_malloc0(comp_len);
+ s390_ipl_read(env, comp_addr, comp, comp_len);
+
+ sig = g_malloc0(sig_len);
+ s390_ipl_read(env, sig_addr, sig, sig_len);
+
+ for (int i = 0; i < cs->count; i++) {
+ verified = diag_508_verify_sig(cs->certs[i].raw,
+ cs->certs[i].size,
+ comp, comp_len,
+ sig, sig_len);
+ if (verified) {
+ svb->cert_store_index = i;
+ svb->cert_len = cpu_to_be64(cs->certs[i].der_size);
+ s390_ipl_write(env, addr, svb, svb_size);
+ return DIAG_508_RC_OK;
+ }
+ }
+
+ return DIAG_508_RC_FAIL_VERIF;
+}
+
+QEMU_BUILD_BUG_MSG(sizeof(Diag508SigVerifBlock) != 64,
+ "size of Diag508SigVerifBlock is wrong");
+
void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
{
uint64_t subcode = env->regs[r3];
+ uint64_t addr = env->regs[r1];
int rc;
if (env->psw.mask & PSW_MASK_PSTATE) {
@@ -642,7 +743,15 @@ void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
switch (subcode) {
case DIAG_508_SUBC_QUERY_SUBC:
- rc = 0;
+ rc = DIAG_508_SUBC_SIG_VERIF;
+ break;
+ case DIAG_508_SUBC_SIG_VERIF:
+ if (!diag_parm_addr_valid(addr, sizeof(Diag508SigVerifBlock), true)) {
+ s390_program_interrupt(env, PGM_ADDRESSING, ra);
+ return;
+ }
+
+ rc = handle_diag508_sig_verif(env, addr);
break;
default:
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 15/35] s390x/ipl: Introduce IPL Information Report Block (IIRB)
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (13 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 14/35] s390x/diag: Implement DIAG 508 subcode 1 for signature verification Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 1:39 ` Jared Rossi
2026-07-01 20:49 ` [PATCH v12 16/35] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers Zhuoying Cai
` (19 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
The IPL information report block (IIRB) contains information used
to locate IPL records and to report the results of signature verification
of one or more secure components of the load device.
IIRB is stored immediately following the IPL Parameter Block. Results on
component verification in any case (failure or success) are stored.
The IIRB data is reserved and protected by the guest kernel during early
boot to prevent it from being overwritten before the certificate data is
permanently saved.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Farhan Ali<alifm@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
---
docs/specs/s390x-secure-ipl.rst | 21 +++++++++++
include/hw/s390x/ipl/qipl.h | 62 +++++++++++++++++++++++++++++++++
2 files changed, 83 insertions(+)
diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
index a8be863548..a183d46b61 100644
--- a/docs/specs/s390x-secure-ipl.rst
+++ b/docs/specs/s390x-secure-ipl.rst
@@ -101,3 +101,24 @@ Subcode 1 - perform signature verification
* ``0x0302``: PKCS#7 format signature is invalid
* ``0x0402``: signature-verification failed
* ``0x0502``: length of Diag508SigVerifBlock is invalid
+
+IPL Information Report Block
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The IPL Parameter Block (IPLPB), utilized for IPL operation, is extended with an
+IPL Information Report Block (IIRB), which contains the results from secure IPL
+operations such as:
+
+* component data
+* verification results
+* certificate data
+
+During early boot, the guest kernel reserves the memory region
+containing the IIRB. This preserves the data while the guest kernel is
+operating and during re-IPL.
+
+The guest kernel uses the contents in the IIRB for:
+
+* Boot logging: reports which components were loaded and verified.
+* kexec operations: builds the next kernel’s IPL report from the existing one.
+* Keying: installs IPL certificates into the platform trusted keyring.
diff --git a/include/hw/s390x/ipl/qipl.h b/include/hw/s390x/ipl/qipl.h
index ed1a91182a..45d25264f4 100644
--- a/include/hw/s390x/ipl/qipl.h
+++ b/include/hw/s390x/ipl/qipl.h
@@ -32,6 +32,9 @@ typedef enum S390IplType S390IplType;
#define QEMU_DEFAULT_IPL S390_IPL_TYPE_CCW
#define MAX_CERTIFICATES 64
+/* largest supported block size - same as VIRTIO_DASD_DEFAULT_BLOCK_SIZE */
+#define VIRTIO_MAX_BLOCK_SIZE 4096
+#define MAX_COMP_ENTRIES ((VIRTIO_MAX_BLOCK_SIZE - 32) / 32)
/*
* The QEMU IPL Parameters will be stored at absolute address
@@ -146,4 +149,63 @@ union IplParameterBlock {
} QEMU_PACKED;
typedef union IplParameterBlock IplParameterBlock;
+struct IplInfoReportBlockHeader {
+ uint32_t len;
+ uint8_t flags;
+ uint8_t reserved1[11];
+};
+typedef struct IplInfoReportBlockHeader IplInfoReportBlockHeader;
+
+struct IplInfoBlockHeader {
+ uint32_t len;
+ uint8_t type;
+ uint8_t reserved1[11];
+};
+typedef struct IplInfoBlockHeader IplInfoBlockHeader;
+
+enum IplInfoBlockType {
+ IPL_INFO_BLOCK_TYPE_CERTIFICATES = 1,
+ IPL_INFO_BLOCK_TYPE_COMPONENTS = 2,
+};
+
+struct IplSignatureCertificateEntry {
+ uint64_t addr;
+ uint64_t len;
+};
+typedef struct IplSignatureCertificateEntry IplSignatureCertificateEntry;
+
+struct IplSignatureCertificateList {
+ IplInfoBlockHeader ipl_info_header;
+ IplSignatureCertificateEntry cert_entries[MAX_CERTIFICATES];
+};
+typedef struct IplSignatureCertificateList IplSignatureCertificateList;
+
+#define S390_IPL_DEV_COMP_FLAG_SC 0x80
+#define S390_IPL_DEV_COMP_FLAG_CSV 0x40
+
+struct IplDeviceComponentEntry {
+ uint64_t addr;
+ uint64_t len;
+ uint8_t flags;
+ uint8_t reserved1[5];
+ uint16_t cert_index;
+ uint8_t reserved2[8];
+};
+typedef struct IplDeviceComponentEntry IplDeviceComponentEntry;
+
+struct IplDeviceComponentList {
+ IplInfoBlockHeader ipl_info_header;
+ IplDeviceComponentEntry device_entries[MAX_COMP_ENTRIES];
+};
+typedef struct IplDeviceComponentList IplDeviceComponentList;
+
+#define COMP_LIST_MAX sizeof(IplDeviceComponentList)
+#define CERT_LIST_MAX sizeof(IplSignatureCertificateList)
+
+struct IplInfoReportBlock {
+ IplInfoReportBlockHeader hdr;
+ uint8_t info_blks[COMP_LIST_MAX + CERT_LIST_MAX];
+};
+typedef struct IplInfoReportBlock IplInfoReportBlock;
+
#endif
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 15/35] s390x/ipl: Introduce IPL Information Report Block (IIRB)
2026-07-01 20:49 ` [PATCH v12 15/35] s390x/ipl: Introduce IPL Information Report Block (IIRB) Zhuoying Cai
@ 2026-07-02 1:39 ` Jared Rossi
0 siblings, 0 replies; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 1:39 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:49 PM, Zhuoying Cai wrote:
> The IPL information report block (IIRB) contains information used
> to locate IPL records and to report the results of signature verification
> of one or more secure components of the load device.
>
> IIRB is stored immediately following the IPL Parameter Block. Results on
> component verification in any case (failure or success) are stored.
>
> The IIRB data is reserved and protected by the guest kernel during early
> boot to prevent it from being overwritten before the certificate data is
> permanently saved.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> Reviewed-by: Farhan Ali<alifm@linux.ibm.com>
> Reviewed-by: Collin Walling <walling@linux.ibm.com>
> ---
> docs/specs/s390x-secure-ipl.rst | 21 +++++++++++
> include/hw/s390x/ipl/qipl.h | 62 +++++++++++++++++++++++++++++++++
> 2 files changed, 83 insertions(+)
>
> diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
> index a8be863548..a183d46b61 100644
> --- a/docs/specs/s390x-secure-ipl.rst
> +++ b/docs/specs/s390x-secure-ipl.rst
> @@ -101,3 +101,24 @@ Subcode 1 - perform signature verification
> * ``0x0302``: PKCS#7 format signature is invalid
> * ``0x0402``: signature-verification failed
> * ``0x0502``: length of Diag508SigVerifBlock is invalid
> +
> +IPL Information Report Block
> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> +
> +The IPL Parameter Block (IPLPB), utilized for IPL operation, is extended with an
> +IPL Information Report Block (IIRB), which contains the results from secure IPL
> +operations such as:
> +
> +* component data
> +* verification results
> +* certificate data
> +
> +During early boot, the guest kernel reserves the memory region
> +containing the IIRB. This preserves the data while the guest kernel is
> +operating and during re-IPL.
> +
> +The guest kernel uses the contents in the IIRB for:
> +
> +* Boot logging: reports which components were loaded and verified.
> +* kexec operations: builds the next kernel’s IPL report from the existing one.
> +* Keying: installs IPL certificates into the platform trusted keyring.
> diff --git a/include/hw/s390x/ipl/qipl.h b/include/hw/s390x/ipl/qipl.h
> index ed1a91182a..45d25264f4 100644
> --- a/include/hw/s390x/ipl/qipl.h
> +++ b/include/hw/s390x/ipl/qipl.h
> @@ -32,6 +32,9 @@ typedef enum S390IplType S390IplType;
> #define QEMU_DEFAULT_IPL S390_IPL_TYPE_CCW
>
> #define MAX_CERTIFICATES 64
> +/* largest supported block size - same as VIRTIO_DASD_DEFAULT_BLOCK_SIZE */
> +#define VIRTIO_MAX_BLOCK_SIZE 4096
> +#define MAX_COMP_ENTRIES ((VIRTIO_MAX_BLOCK_SIZE - 32) / 32)
>
> /*
> * The QEMU IPL Parameters will be stored at absolute address
> @@ -146,4 +149,63 @@ union IplParameterBlock {
> } QEMU_PACKED;
> typedef union IplParameterBlock IplParameterBlock;
>
> +struct IplInfoReportBlockHeader {
> + uint32_t len;
> + uint8_t flags;
> + uint8_t reserved1[11];
> +};
> +typedef struct IplInfoReportBlockHeader IplInfoReportBlockHeader;
> +
> +struct IplInfoBlockHeader {
> + uint32_t len;
> + uint8_t type;
> + uint8_t reserved1[11];
> +};
> +typedef struct IplInfoBlockHeader IplInfoBlockHeader;
> +
> +enum IplInfoBlockType {
> + IPL_INFO_BLOCK_TYPE_CERTIFICATES = 1,
> + IPL_INFO_BLOCK_TYPE_COMPONENTS = 2,
> +};
> +
> +struct IplSignatureCertificateEntry {
> + uint64_t addr;
> + uint64_t len;
> +};
> +typedef struct IplSignatureCertificateEntry IplSignatureCertificateEntry;
> +
> +struct IplSignatureCertificateList {
> + IplInfoBlockHeader ipl_info_header;
> + IplSignatureCertificateEntry cert_entries[MAX_CERTIFICATES];
> +};
> +typedef struct IplSignatureCertificateList IplSignatureCertificateList;
> +
> +#define S390_IPL_DEV_COMP_FLAG_SC 0x80
> +#define S390_IPL_DEV_COMP_FLAG_CSV 0x40
> +
> +struct IplDeviceComponentEntry {
> + uint64_t addr;
> + uint64_t len;
> + uint8_t flags;
> + uint8_t reserved1[5];
> + uint16_t cert_index;
> + uint8_t reserved2[8];
> +};
> +typedef struct IplDeviceComponentEntry IplDeviceComponentEntry;
> +
> +struct IplDeviceComponentList {
> + IplInfoBlockHeader ipl_info_header;
> + IplDeviceComponentEntry device_entries[MAX_COMP_ENTRIES];
> +};
> +typedef struct IplDeviceComponentList IplDeviceComponentList;
> +
> +#define COMP_LIST_MAX sizeof(IplDeviceComponentList)
> +#define CERT_LIST_MAX sizeof(IplSignatureCertificateList)
> +
> +struct IplInfoReportBlock {
> + IplInfoReportBlockHeader hdr;
> + uint8_t info_blks[COMP_LIST_MAX + CERT_LIST_MAX];
> +};
> +typedef struct IplInfoReportBlock IplInfoReportBlock;
> +
> #endif
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 16/35] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (14 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 15/35] s390x/ipl: Introduce IPL Information Report Block (IIRB) Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 1:42 ` Jared Rossi
2026-07-01 20:49 ` [PATCH v12 17/35] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block Zhuoying Cai
` (18 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Define a memory space for both IPL Parameter Block (IPLB) and
IPL Information Report Block (IIRB) since IIRB is stored immediately
following IPLB.
Convert IPLB to pointer and it points to the start of the defined memory space.
IIRB points to the end of IPLB.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Farhan Ali<alifm@linux.ibm.com>
---
include/hw/s390x/ipl/qipl.h | 6 ++++++
pc-bios/s390-ccw/iplb.h | 5 +++--
pc-bios/s390-ccw/jump2ipl.c | 6 +++---
pc-bios/s390-ccw/main.c | 34 +++++++++++++++++++---------------
pc-bios/s390-ccw/netmain.c | 8 ++++----
5 files changed, 35 insertions(+), 24 deletions(-)
diff --git a/include/hw/s390x/ipl/qipl.h b/include/hw/s390x/ipl/qipl.h
index 45d25264f4..9940f1457c 100644
--- a/include/hw/s390x/ipl/qipl.h
+++ b/include/hw/s390x/ipl/qipl.h
@@ -208,4 +208,10 @@ struct IplInfoReportBlock {
};
typedef struct IplInfoReportBlock IplInfoReportBlock;
+struct IplBlocks {
+ IplParameterBlock iplb;
+ IplInfoReportBlock iirb;
+};
+typedef struct IplBlocks IplBlocks;
+
#endif
diff --git a/pc-bios/s390-ccw/iplb.h b/pc-bios/s390-ccw/iplb.h
index 926e8eed5d..c92a3d0f0c 100644
--- a/pc-bios/s390-ccw/iplb.h
+++ b/pc-bios/s390-ccw/iplb.h
@@ -20,8 +20,9 @@
#include <string.h>
extern QemuIplParameters qipl;
-extern IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE)));
+extern IplParameterBlock *iplb;
extern bool have_iplb;
+extern IplBlocks ipl_blocks;
static inline bool manage_iplb(IplParameterBlock *iplb, bool store)
{
@@ -61,7 +62,7 @@ static inline bool load_next_iplb(void)
qipl.index++;
next_iplb = (IplParameterBlock *) qipl.next_iplb;
- memcpy(&iplb, next_iplb, sizeof(IplParameterBlock));
+ memcpy(iplb, next_iplb, sizeof(IplParameterBlock));
qipl.chain_len--;
qipl.next_iplb = qipl.next_iplb + sizeof(IplParameterBlock);
diff --git a/pc-bios/s390-ccw/jump2ipl.c b/pc-bios/s390-ccw/jump2ipl.c
index 86321d0f46..fa2ca5cbe1 100644
--- a/pc-bios/s390-ccw/jump2ipl.c
+++ b/pc-bios/s390-ccw/jump2ipl.c
@@ -43,11 +43,11 @@ int jump_to_IPL_code(uint64_t address)
* The IPLB for QEMU SCSI type devices must be rebuilt during re-ipl. The
* iplb.devno is set to the boot position of the target SCSI device.
*/
- if (iplb.pbt == S390_IPL_TYPE_QEMU_SCSI) {
- iplb.devno = qipl.index;
+ if (iplb->pbt == S390_IPL_TYPE_QEMU_SCSI) {
+ iplb->devno = qipl.index;
}
- if (have_iplb && !set_iplb(&iplb)) {
+ if (have_iplb && !set_iplb(iplb)) {
panic("Failed to set IPLB");
}
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index 26287cfd81..b8f836c682 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -24,7 +24,9 @@
static SubChannelId blk_schid = { .one = 1 };
static char loadparm_str[LOADPARM_LEN + 1];
QemuIplParameters qipl;
-IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE)));
+/* Ensure that IPLB and IIRB are page aligned and sequential in memory */
+IplBlocks ipl_blocks __attribute__((__aligned__(PAGE_SIZE)));
+IplParameterBlock *iplb;
bool have_iplb;
static uint16_t cutype;
LowCore *lowcore; /* Yes, this *is* a pointer to address 0 */
@@ -53,7 +55,7 @@ void write_subsystem_identification(void)
void write_iplb_location(void)
{
if (cutype == CU_TYPE_VIRTIO && virtio_get_device_type() != VIRTIO_ID_NET) {
- lowcore->ptr_iplb = ptr2u32(&iplb);
+ lowcore->ptr_iplb = ptr2u32(iplb);
}
}
@@ -213,14 +215,14 @@ static void boot_setup(void)
char lpmsg[] = "LOADPARM=[________]\n";
VDev *vdev = virtio_get_device();
- if (have_iplb && memcmp(iplb.loadparm, NO_LOADPARM, LOADPARM_LEN) != 0) {
- ebcdic_to_ascii((char *) iplb.loadparm, loadparm_str, LOADPARM_LEN);
+ if (have_iplb && memcmp(iplb->loadparm, NO_LOADPARM, LOADPARM_LEN) != 0) {
+ ebcdic_to_ascii((char *) iplb->loadparm, loadparm_str, LOADPARM_LEN);
} else {
sclp_get_loadparm_ascii(loadparm_str);
}
if (have_iplb) {
- vdev->ipl_type = iplb.pbt;
+ vdev->ipl_type = iplb->pbt;
menu_setup(vdev);
} else {
vdev->ipl_type = QEMU_DEFAULT_IPL;
@@ -244,21 +246,21 @@ static bool find_boot_device(void)
switch (vdev->ipl_type) {
case S390_IPL_TYPE_CCW:
vdev->scsi_device_selected = false;
- debug_print_int("device no. ", iplb.ccw.devno);
- blk_schid.ssid = iplb.ccw.ssid & 0x3;
+ debug_print_int("device no. ", iplb->ccw.devno);
+ blk_schid.ssid = iplb->ccw.ssid & 0x3;
debug_print_int("ssid ", blk_schid.ssid);
- found = find_subch(iplb.ccw.devno);
+ found = find_subch(iplb->ccw.devno);
break;
case S390_IPL_TYPE_QEMU_SCSI:
vdev->scsi_device_selected = true;
- vdev->selected_scsi_device.channel = iplb.scsi.channel;
- vdev->selected_scsi_device.target = iplb.scsi.target;
- vdev->selected_scsi_device.lun = iplb.scsi.lun;
- blk_schid.ssid = iplb.scsi.ssid & 0x3;
- found = find_subch(iplb.scsi.devno);
+ vdev->selected_scsi_device.channel = iplb->scsi.channel;
+ vdev->selected_scsi_device.target = iplb->scsi.target;
+ vdev->selected_scsi_device.lun = iplb->scsi.lun;
+ blk_schid.ssid = iplb->scsi.ssid & 0x3;
+ found = find_subch(iplb->scsi.devno);
break;
case S390_IPL_TYPE_PCI:
- found = find_fid(iplb.pci.fid);
+ found = find_fid(iplb->pci.fid);
break;
default:
puts("Unsupported IPLB");
@@ -377,10 +379,12 @@ static void probe_boot_device(void)
void main(void)
{
+ iplb = &ipl_blocks.iplb;
+
copy_qipl();
sclp_setup();
css_setup();
- have_iplb = store_iplb(&iplb);
+ have_iplb = store_iplb(iplb);
if (!have_iplb) {
boot_setup();
probe_boot_device();
diff --git a/pc-bios/s390-ccw/netmain.c b/pc-bios/s390-ccw/netmain.c
index 651cedf6ef..9b4dfd4638 100644
--- a/pc-bios/s390-ccw/netmain.c
+++ b/pc-bios/s390-ccw/netmain.c
@@ -528,11 +528,11 @@ static bool virtio_setup(void)
*/
enable_mss_facility();
- if (have_iplb || store_iplb(&iplb)) {
- IPL_assert(iplb.pbt == S390_IPL_TYPE_CCW, "IPL_TYPE_CCW expected");
- dev_no = iplb.ccw.devno;
+ if (have_iplb || store_iplb(iplb)) {
+ IPL_assert(iplb->pbt == S390_IPL_TYPE_CCW, "IPL_TYPE_CCW expected");
+ dev_no = iplb->ccw.devno;
debug_print_int("device no. ", dev_no);
- net_schid.ssid = iplb.ccw.ssid & 0x3;
+ net_schid.ssid = iplb->ccw.ssid & 0x3;
debug_print_int("ssid ", net_schid.ssid);
found = find_net_dev(&schib, dev_no);
} else {
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 16/35] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers
2026-07-01 20:49 ` [PATCH v12 16/35] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers Zhuoying Cai
@ 2026-07-02 1:42 ` Jared Rossi
0 siblings, 0 replies; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 1:42 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:49 PM, Zhuoying Cai wrote:
> Define a memory space for both IPL Parameter Block (IPLB) and
> IPL Information Report Block (IIRB) since IIRB is stored immediately
> following IPLB.
>
> Convert IPLB to pointer and it points to the start of the defined memory space.
> IIRB points to the end of IPLB.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> Reviewed-by: Thomas Huth <thuth@redhat.com>
> Reviewed-by: Farhan Ali<alifm@linux.ibm.com>
> ---
> include/hw/s390x/ipl/qipl.h | 6 ++++++
> pc-bios/s390-ccw/iplb.h | 5 +++--
> pc-bios/s390-ccw/jump2ipl.c | 6 +++---
> pc-bios/s390-ccw/main.c | 34 +++++++++++++++++++---------------
> pc-bios/s390-ccw/netmain.c | 8 ++++----
> 5 files changed, 35 insertions(+), 24 deletions(-)
>
> diff --git a/include/hw/s390x/ipl/qipl.h b/include/hw/s390x/ipl/qipl.h
> index 45d25264f4..9940f1457c 100644
> --- a/include/hw/s390x/ipl/qipl.h
> +++ b/include/hw/s390x/ipl/qipl.h
> @@ -208,4 +208,10 @@ struct IplInfoReportBlock {
> };
> typedef struct IplInfoReportBlock IplInfoReportBlock;
>
> +struct IplBlocks {
> + IplParameterBlock iplb;
> + IplInfoReportBlock iirb;
> +};
> +typedef struct IplBlocks IplBlocks;
> +
> #endif
> diff --git a/pc-bios/s390-ccw/iplb.h b/pc-bios/s390-ccw/iplb.h
> index 926e8eed5d..c92a3d0f0c 100644
> --- a/pc-bios/s390-ccw/iplb.h
> +++ b/pc-bios/s390-ccw/iplb.h
> @@ -20,8 +20,9 @@
> #include <string.h>
>
> extern QemuIplParameters qipl;
> -extern IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE)));
> +extern IplParameterBlock *iplb;
> extern bool have_iplb;
> +extern IplBlocks ipl_blocks;
>
> static inline bool manage_iplb(IplParameterBlock *iplb, bool store)
> {
> @@ -61,7 +62,7 @@ static inline bool load_next_iplb(void)
>
> qipl.index++;
> next_iplb = (IplParameterBlock *) qipl.next_iplb;
> - memcpy(&iplb, next_iplb, sizeof(IplParameterBlock));
> + memcpy(iplb, next_iplb, sizeof(IplParameterBlock));
>
> qipl.chain_len--;
> qipl.next_iplb = qipl.next_iplb + sizeof(IplParameterBlock);
> diff --git a/pc-bios/s390-ccw/jump2ipl.c b/pc-bios/s390-ccw/jump2ipl.c
> index 86321d0f46..fa2ca5cbe1 100644
> --- a/pc-bios/s390-ccw/jump2ipl.c
> +++ b/pc-bios/s390-ccw/jump2ipl.c
> @@ -43,11 +43,11 @@ int jump_to_IPL_code(uint64_t address)
> * The IPLB for QEMU SCSI type devices must be rebuilt during re-ipl. The
> * iplb.devno is set to the boot position of the target SCSI device.
> */
> - if (iplb.pbt == S390_IPL_TYPE_QEMU_SCSI) {
> - iplb.devno = qipl.index;
> + if (iplb->pbt == S390_IPL_TYPE_QEMU_SCSI) {
> + iplb->devno = qipl.index;
> }
>
> - if (have_iplb && !set_iplb(&iplb)) {
> + if (have_iplb && !set_iplb(iplb)) {
> panic("Failed to set IPLB");
> }
>
> diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
> index 26287cfd81..b8f836c682 100644
> --- a/pc-bios/s390-ccw/main.c
> +++ b/pc-bios/s390-ccw/main.c
> @@ -24,7 +24,9 @@
> static SubChannelId blk_schid = { .one = 1 };
> static char loadparm_str[LOADPARM_LEN + 1];
> QemuIplParameters qipl;
> -IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE)));
> +/* Ensure that IPLB and IIRB are page aligned and sequential in memory */
> +IplBlocks ipl_blocks __attribute__((__aligned__(PAGE_SIZE)));
> +IplParameterBlock *iplb;
> bool have_iplb;
> static uint16_t cutype;
> LowCore *lowcore; /* Yes, this *is* a pointer to address 0 */
> @@ -53,7 +55,7 @@ void write_subsystem_identification(void)
> void write_iplb_location(void)
> {
> if (cutype == CU_TYPE_VIRTIO && virtio_get_device_type() != VIRTIO_ID_NET) {
> - lowcore->ptr_iplb = ptr2u32(&iplb);
> + lowcore->ptr_iplb = ptr2u32(iplb);
> }
> }
>
> @@ -213,14 +215,14 @@ static void boot_setup(void)
> char lpmsg[] = "LOADPARM=[________]\n";
> VDev *vdev = virtio_get_device();
>
> - if (have_iplb && memcmp(iplb.loadparm, NO_LOADPARM, LOADPARM_LEN) != 0) {
> - ebcdic_to_ascii((char *) iplb.loadparm, loadparm_str, LOADPARM_LEN);
> + if (have_iplb && memcmp(iplb->loadparm, NO_LOADPARM, LOADPARM_LEN) != 0) {
> + ebcdic_to_ascii((char *) iplb->loadparm, loadparm_str, LOADPARM_LEN);
> } else {
> sclp_get_loadparm_ascii(loadparm_str);
> }
>
> if (have_iplb) {
> - vdev->ipl_type = iplb.pbt;
> + vdev->ipl_type = iplb->pbt;
> menu_setup(vdev);
> } else {
> vdev->ipl_type = QEMU_DEFAULT_IPL;
> @@ -244,21 +246,21 @@ static bool find_boot_device(void)
> switch (vdev->ipl_type) {
> case S390_IPL_TYPE_CCW:
> vdev->scsi_device_selected = false;
> - debug_print_int("device no. ", iplb.ccw.devno);
> - blk_schid.ssid = iplb.ccw.ssid & 0x3;
> + debug_print_int("device no. ", iplb->ccw.devno);
> + blk_schid.ssid = iplb->ccw.ssid & 0x3;
> debug_print_int("ssid ", blk_schid.ssid);
> - found = find_subch(iplb.ccw.devno);
> + found = find_subch(iplb->ccw.devno);
> break;
> case S390_IPL_TYPE_QEMU_SCSI:
> vdev->scsi_device_selected = true;
> - vdev->selected_scsi_device.channel = iplb.scsi.channel;
> - vdev->selected_scsi_device.target = iplb.scsi.target;
> - vdev->selected_scsi_device.lun = iplb.scsi.lun;
> - blk_schid.ssid = iplb.scsi.ssid & 0x3;
> - found = find_subch(iplb.scsi.devno);
> + vdev->selected_scsi_device.channel = iplb->scsi.channel;
> + vdev->selected_scsi_device.target = iplb->scsi.target;
> + vdev->selected_scsi_device.lun = iplb->scsi.lun;
> + blk_schid.ssid = iplb->scsi.ssid & 0x3;
> + found = find_subch(iplb->scsi.devno);
> break;
> case S390_IPL_TYPE_PCI:
> - found = find_fid(iplb.pci.fid);
> + found = find_fid(iplb->pci.fid);
> break;
> default:
> puts("Unsupported IPLB");
> @@ -377,10 +379,12 @@ static void probe_boot_device(void)
>
> void main(void)
> {
> + iplb = &ipl_blocks.iplb;
> +
> copy_qipl();
> sclp_setup();
> css_setup();
> - have_iplb = store_iplb(&iplb);
> + have_iplb = store_iplb(iplb);
> if (!have_iplb) {
> boot_setup();
> probe_boot_device();
> diff --git a/pc-bios/s390-ccw/netmain.c b/pc-bios/s390-ccw/netmain.c
> index 651cedf6ef..9b4dfd4638 100644
> --- a/pc-bios/s390-ccw/netmain.c
> +++ b/pc-bios/s390-ccw/netmain.c
> @@ -528,11 +528,11 @@ static bool virtio_setup(void)
> */
> enable_mss_facility();
>
> - if (have_iplb || store_iplb(&iplb)) {
> - IPL_assert(iplb.pbt == S390_IPL_TYPE_CCW, "IPL_TYPE_CCW expected");
> - dev_no = iplb.ccw.devno;
> + if (have_iplb || store_iplb(iplb)) {
> + IPL_assert(iplb->pbt == S390_IPL_TYPE_CCW, "IPL_TYPE_CCW expected");
> + dev_no = iplb->ccw.devno;
> debug_print_int("device no. ", dev_no);
> - net_schid.ssid = iplb.ccw.ssid & 0x3;
> + net_schid.ssid = iplb->ccw.ssid & 0x3;
> debug_print_int("ssid ", net_schid.ssid);
> found = find_net_dev(&schib, dev_no);
> } else {
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 17/35] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (15 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 16/35] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 1:47 ` Jared Rossi
2026-07-01 20:49 ` [PATCH v12 18/35] hw/s390x/ipl: Rework s390_ipl_map_iplb_chain for certificate storage Zhuoying Cai
` (17 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Add IPIB flags to IPL Parameter Block to determine if IPL needs to
perform securely and if IPL Information Report Block (IIRB) exists.
Move DIAG308 flags to a separated header file and add flags for secure IPL.
Move IPLB length related definitions to include/hw/s390x/ipl/qipl.h and
add a maximum length constant to support secure IPL.
Secure boot in audit mode will perform if certificate(s) exist in the
key store. IIRB will exist and results of verification will be stored in
IIRB.
To ensure proper alignment of the IIRB and prevent overlap, set
iplb->len to the maximum length of the IPLB, allowing alignment
constraints to be determined based on its size.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
---
hw/s390x/ipl.c | 21 +++++++++++++++++++++
hw/s390x/ipl.h | 24 ------------------------
include/hw/s390x/ipl/diag308.h | 34 ++++++++++++++++++++++++++++++++++
include/hw/s390x/ipl/qipl.h | 13 ++++++++++++-
4 files changed, 67 insertions(+), 25 deletions(-)
create mode 100644 include/hw/s390x/ipl/diag308.h
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index 09c24203c7..9cb41511e8 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -461,6 +461,13 @@ S390IPLCertificateStore *s390_ipl_get_certificate_store(void)
return &ipl->cert_store;
}
+static bool s390_has_certificate(void)
+{
+ S390IPLState *ipl = get_ipl_device();
+
+ return ipl->cert_store.count > 0;
+}
+
static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
{
CcwDevice *ccw_dev = NULL;
@@ -517,6 +524,20 @@ static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
s390_ipl_convert_loadparm((char *)lp, iplb->loadparm);
iplb->flags |= DIAG308_FLAGS_LP_VALID;
+ /*
+ * Secure boot in audit mode will perform
+ * if certificate(s) exist in the key store.
+ *
+ * IPL Information Report Block (IIRB) will exist
+ * for secure boot in audit mode.
+ *
+ * Results of secure boot will be stored in IIRB.
+ */
+ if (s390_has_certificate()) {
+ iplb->hdr_flags |= DIAG308_IPIB_FLAGS_IPLIR;
+ iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
+ }
+
return true;
}
diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
index f5a49a4431..9807ef18f2 100644
--- a/hw/s390x/ipl.h
+++ b/hw/s390x/ipl.h
@@ -23,7 +23,6 @@
#include "qom/object.h"
#include "target/s390x/kvm/pv.h"
-#define DIAG308_FLAGS_LP_VALID 0x80
#define MAX_BOOT_DEVS 8 /* Max number of devices that may have a bootindex */
void s390_ipl_convert_loadparm(char *ascii_lp, uint8_t *ebcdic_lp);
@@ -90,29 +89,6 @@ struct S390IPLState {
};
QEMU_BUILD_BUG_MSG(offsetof(S390IPLState, iplb) & 3, "alignment of iplb wrong");
-#define DIAG_308_RC_OK 0x0001
-#define DIAG_308_RC_NO_CONF 0x0102
-#define DIAG_308_RC_INVALID 0x0402
-#define DIAG_308_RC_NO_PV_CONF 0x0902
-#define DIAG_308_RC_INVAL_FOR_PV 0x0a02
-
-#define DIAG308_RESET_MOD_CLR 0
-#define DIAG308_RESET_LOAD_NORM 1
-#define DIAG308_LOAD_CLEAR 3
-#define DIAG308_LOAD_NORMAL_DUMP 4
-#define DIAG308_SET 5
-#define DIAG308_STORE 6
-#define DIAG308_PV_SET 8
-#define DIAG308_PV_STORE 9
-#define DIAG308_PV_START 10
-
-#define S390_IPLB_HEADER_LEN 8
-#define S390_IPLB_MIN_PV_LEN 148
-#define S390_IPLB_MIN_CCW_LEN 200
-#define S390_IPLB_MIN_FCP_LEN 384
-#define S390_IPLB_MIN_PCI_LEN 376
-#define S390_IPLB_MIN_QEMU_SCSI_LEN 200
-
static inline bool iplb_valid_len(IplParameterBlock *iplb)
{
return be32_to_cpu(iplb->len) <= sizeof(IplParameterBlock);
diff --git a/include/hw/s390x/ipl/diag308.h b/include/hw/s390x/ipl/diag308.h
new file mode 100644
index 0000000000..6e62f29215
--- /dev/null
+++ b/include/hw/s390x/ipl/diag308.h
@@ -0,0 +1,34 @@
+/*
+ * S/390 DIAGNOSE 308 definitions and structures
+ *
+ * Copyright 2025 IBM Corp.
+ * Author(s): Zhuoying Cai <zycai@linux.ibm.com>
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef S390X_DIAG308_H
+#define S390X_DIAG308_H
+
+#define DIAG_308_RC_OK 0x0001
+#define DIAG_308_RC_NO_CONF 0x0102
+#define DIAG_308_RC_INVALID 0x0402
+#define DIAG_308_RC_NO_PV_CONF 0x0902
+#define DIAG_308_RC_INVAL_FOR_PV 0x0a02
+
+#define DIAG308_RESET_MOD_CLR 0
+#define DIAG308_RESET_LOAD_NORM 1
+#define DIAG308_LOAD_CLEAR 3
+#define DIAG308_LOAD_NORMAL_DUMP 4
+#define DIAG308_SET 5
+#define DIAG308_STORE 6
+#define DIAG308_PV_SET 8
+#define DIAG308_PV_STORE 9
+#define DIAG308_PV_START 10
+
+#define DIAG308_FLAGS_LP_VALID 0x80
+
+#define DIAG308_IPIB_FLAGS_SIPL 0x40
+#define DIAG308_IPIB_FLAGS_IPLIR 0x20
+
+#endif
diff --git a/include/hw/s390x/ipl/qipl.h b/include/hw/s390x/ipl/qipl.h
index 9940f1457c..a2180719b1 100644
--- a/include/hw/s390x/ipl/qipl.h
+++ b/include/hw/s390x/ipl/qipl.h
@@ -12,6 +12,8 @@
#ifndef S390X_QIPL_H
#define S390X_QIPL_H
+#include "diag308.h"
+
/* Boot Menu flags */
#define QIPL_FLAG_BM_OPTS_CMD 0x80
#define QIPL_FLAG_BM_OPTS_ZIPL 0x40
@@ -31,6 +33,14 @@ typedef enum S390IplType S390IplType;
#define QEMU_DEFAULT_IPL S390_IPL_TYPE_CCW
+#define S390_IPLB_HEADER_LEN 8
+#define S390_IPLB_MIN_PV_LEN 148
+#define S390_IPLB_MIN_CCW_LEN 200
+#define S390_IPLB_MIN_FCP_LEN 384
+#define S390_IPLB_MIN_PCI_LEN 376
+#define S390_IPLB_MIN_QEMU_SCSI_LEN 200
+#define S390_IPLB_MAX_LEN 4096
+
#define MAX_CERTIFICATES 64
/* largest supported block size - same as VIRTIO_DASD_DEFAULT_BLOCK_SIZE */
#define VIRTIO_MAX_BLOCK_SIZE 4096
@@ -125,7 +135,8 @@ typedef struct IplBlockPci IplBlockPci;
union IplParameterBlock {
struct {
uint32_t len;
- uint8_t reserved0[3];
+ uint8_t hdr_flags;
+ uint8_t reserved0[2];
uint8_t version;
uint32_t blk0_len;
uint8_t pbt;
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 17/35] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block
2026-07-01 20:49 ` [PATCH v12 17/35] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block Zhuoying Cai
@ 2026-07-02 1:47 ` Jared Rossi
0 siblings, 0 replies; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 1:47 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:49 PM, Zhuoying Cai wrote:
> Add IPIB flags to IPL Parameter Block to determine if IPL needs to
> perform securely and if IPL Information Report Block (IIRB) exists.
>
> Move DIAG308 flags to a separated header file and add flags for secure IPL.
> Move IPLB length related definitions to include/hw/s390x/ipl/qipl.h and
> add a maximum length constant to support secure IPL.
>
> Secure boot in audit mode will perform if certificate(s) exist in the
> key store. IIRB will exist and results of verification will be stored in
> IIRB.
>
> To ensure proper alignment of the IIRB and prevent overlap, set
> iplb->len to the maximum length of the IPLB, allowing alignment
> constraints to be determined based on its size.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> Reviewed-by: Thomas Huth <thuth@redhat.com>
> Reviewed-by: Collin Walling <walling@linux.ibm.com>
> ---
> hw/s390x/ipl.c | 21 +++++++++++++++++++++
> hw/s390x/ipl.h | 24 ------------------------
> include/hw/s390x/ipl/diag308.h | 34 ++++++++++++++++++++++++++++++++++
> include/hw/s390x/ipl/qipl.h | 13 ++++++++++++-
> 4 files changed, 67 insertions(+), 25 deletions(-)
> create mode 100644 include/hw/s390x/ipl/diag308.h
>
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index 09c24203c7..9cb41511e8 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -461,6 +461,13 @@ S390IPLCertificateStore *s390_ipl_get_certificate_store(void)
> return &ipl->cert_store;
> }
>
> +static bool s390_has_certificate(void)
> +{
> + S390IPLState *ipl = get_ipl_device();
> +
> + return ipl->cert_store.count > 0;
> +}
> +
> static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
> {
> CcwDevice *ccw_dev = NULL;
> @@ -517,6 +524,20 @@ static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
> s390_ipl_convert_loadparm((char *)lp, iplb->loadparm);
> iplb->flags |= DIAG308_FLAGS_LP_VALID;
>
> + /*
> + * Secure boot in audit mode will perform
> + * if certificate(s) exist in the key store.
> + *
> + * IPL Information Report Block (IIRB) will exist
> + * for secure boot in audit mode.
> + *
> + * Results of secure boot will be stored in IIRB.
> + */
> + if (s390_has_certificate()) {
> + iplb->hdr_flags |= DIAG308_IPIB_FLAGS_IPLIR;
> + iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
> + }
> +
> return true;
> }
>
> diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
> index f5a49a4431..9807ef18f2 100644
> --- a/hw/s390x/ipl.h
> +++ b/hw/s390x/ipl.h
> @@ -23,7 +23,6 @@
> #include "qom/object.h"
> #include "target/s390x/kvm/pv.h"
>
> -#define DIAG308_FLAGS_LP_VALID 0x80
> #define MAX_BOOT_DEVS 8 /* Max number of devices that may have a bootindex */
>
> void s390_ipl_convert_loadparm(char *ascii_lp, uint8_t *ebcdic_lp);
> @@ -90,29 +89,6 @@ struct S390IPLState {
> };
> QEMU_BUILD_BUG_MSG(offsetof(S390IPLState, iplb) & 3, "alignment of iplb wrong");
>
> -#define DIAG_308_RC_OK 0x0001
> -#define DIAG_308_RC_NO_CONF 0x0102
> -#define DIAG_308_RC_INVALID 0x0402
> -#define DIAG_308_RC_NO_PV_CONF 0x0902
> -#define DIAG_308_RC_INVAL_FOR_PV 0x0a02
> -
> -#define DIAG308_RESET_MOD_CLR 0
> -#define DIAG308_RESET_LOAD_NORM 1
> -#define DIAG308_LOAD_CLEAR 3
> -#define DIAG308_LOAD_NORMAL_DUMP 4
> -#define DIAG308_SET 5
> -#define DIAG308_STORE 6
> -#define DIAG308_PV_SET 8
> -#define DIAG308_PV_STORE 9
> -#define DIAG308_PV_START 10
> -
> -#define S390_IPLB_HEADER_LEN 8
> -#define S390_IPLB_MIN_PV_LEN 148
> -#define S390_IPLB_MIN_CCW_LEN 200
> -#define S390_IPLB_MIN_FCP_LEN 384
> -#define S390_IPLB_MIN_PCI_LEN 376
> -#define S390_IPLB_MIN_QEMU_SCSI_LEN 200
> -
> static inline bool iplb_valid_len(IplParameterBlock *iplb)
> {
> return be32_to_cpu(iplb->len) <= sizeof(IplParameterBlock);
> diff --git a/include/hw/s390x/ipl/diag308.h b/include/hw/s390x/ipl/diag308.h
> new file mode 100644
> index 0000000000..6e62f29215
> --- /dev/null
> +++ b/include/hw/s390x/ipl/diag308.h
> @@ -0,0 +1,34 @@
> +/*
> + * S/390 DIAGNOSE 308 definitions and structures
> + *
> + * Copyright 2025 IBM Corp.
> + * Author(s): Zhuoying Cai <zycai@linux.ibm.com>
> + *
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + */
> +
> +#ifndef S390X_DIAG308_H
> +#define S390X_DIAG308_H
> +
> +#define DIAG_308_RC_OK 0x0001
> +#define DIAG_308_RC_NO_CONF 0x0102
> +#define DIAG_308_RC_INVALID 0x0402
> +#define DIAG_308_RC_NO_PV_CONF 0x0902
> +#define DIAG_308_RC_INVAL_FOR_PV 0x0a02
> +
> +#define DIAG308_RESET_MOD_CLR 0
> +#define DIAG308_RESET_LOAD_NORM 1
> +#define DIAG308_LOAD_CLEAR 3
> +#define DIAG308_LOAD_NORMAL_DUMP 4
> +#define DIAG308_SET 5
> +#define DIAG308_STORE 6
> +#define DIAG308_PV_SET 8
> +#define DIAG308_PV_STORE 9
> +#define DIAG308_PV_START 10
> +
> +#define DIAG308_FLAGS_LP_VALID 0x80
> +
> +#define DIAG308_IPIB_FLAGS_SIPL 0x40
> +#define DIAG308_IPIB_FLAGS_IPLIR 0x20
> +
> +#endif
> diff --git a/include/hw/s390x/ipl/qipl.h b/include/hw/s390x/ipl/qipl.h
> index 9940f1457c..a2180719b1 100644
> --- a/include/hw/s390x/ipl/qipl.h
> +++ b/include/hw/s390x/ipl/qipl.h
> @@ -12,6 +12,8 @@
> #ifndef S390X_QIPL_H
> #define S390X_QIPL_H
>
> +#include "diag308.h"
> +
> /* Boot Menu flags */
> #define QIPL_FLAG_BM_OPTS_CMD 0x80
> #define QIPL_FLAG_BM_OPTS_ZIPL 0x40
> @@ -31,6 +33,14 @@ typedef enum S390IplType S390IplType;
>
> #define QEMU_DEFAULT_IPL S390_IPL_TYPE_CCW
>
> +#define S390_IPLB_HEADER_LEN 8
> +#define S390_IPLB_MIN_PV_LEN 148
> +#define S390_IPLB_MIN_CCW_LEN 200
> +#define S390_IPLB_MIN_FCP_LEN 384
> +#define S390_IPLB_MIN_PCI_LEN 376
> +#define S390_IPLB_MIN_QEMU_SCSI_LEN 200
> +#define S390_IPLB_MAX_LEN 4096
> +
> #define MAX_CERTIFICATES 64
> /* largest supported block size - same as VIRTIO_DASD_DEFAULT_BLOCK_SIZE */
> #define VIRTIO_MAX_BLOCK_SIZE 4096
> @@ -125,7 +135,8 @@ typedef struct IplBlockPci IplBlockPci;
> union IplParameterBlock {
> struct {
> uint32_t len;
> - uint8_t reserved0[3];
> + uint8_t hdr_flags;
> + uint8_t reserved0[2];
> uint8_t version;
> uint32_t blk0_len;
> uint8_t pbt;
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 18/35] hw/s390x/ipl: Rework s390_ipl_map_iplb_chain for certificate storage
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (16 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 17/35] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 14:56 ` Eric Farman
2026-07-01 20:49 ` [PATCH v12 19/35] s390x: Guest support for Secure-IPL Facility Zhuoying Cai
` (16 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Rework s390_ipl_map_iplb_chain to always allocate maximum memory for
the IPLB chain, regardless of the number of boot devices. This space
is also used to store certificates during secure boot, providing a
safe location for certificates until the kernel reads them during boot.
Rename next_iplb to ipl_data to better reflect its multiple purposes:
storing both IPLB chains and certificate data.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
hw/s390x/ipl.c | 13 ++++++++++---
include/hw/s390x/ipl/qipl.h | 2 +-
pc-bios/s390-ccw/iplb.h | 4 ++--
3 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index 9cb41511e8..7734b6edc7 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -425,10 +425,9 @@ static S390PCIBusDevice *s390_get_pci_device(DeviceState *dev_st, int *devtype)
return pbdev;
}
-static uint64_t s390_ipl_map_iplb_chain(IplParameterBlock *iplb_chain)
+static uint64_t s390_ipl_map_iplb_chain(IplParameterBlock *iplb_chain, uint16_t count)
{
S390IPLState *ipl = get_ipl_device();
- uint16_t count = be16_to_cpu(ipl->qipl.chain_len);
uint64_t len = sizeof(IplParameterBlock) * count;
uint64_t chain_addr = find_iplb_chain_addr(ipl->bios_start_addr, count);
@@ -629,8 +628,16 @@ static bool s390_init_all_iplbs(S390IPLState *ipl)
dev_st = get_boot_device(i);
s390_build_iplb(dev_st, &iplb_chain[i - 1]);
}
+ }
- ipl->qipl.next_iplb = cpu_to_be64(s390_ipl_map_iplb_chain(iplb_chain));
+ /*
+ * Allocate maximum space for IPLB chain and/or certificate storage.
+ * Once a valid boot device is found, this space will be used to store
+ * certificates if secure boot is enabled.
+ */
+ if (iplb_num > 1 || s390_has_certificate()) {
+ ipl->qipl.ipl_data = cpu_to_be64(s390_ipl_map_iplb_chain(iplb_chain,
+ MAX_BOOT_DEVS - 1));
}
return iplb_num;
diff --git a/include/hw/s390x/ipl/qipl.h b/include/hw/s390x/ipl/qipl.h
index a2180719b1..2b29dfa8c5 100644
--- a/include/hw/s390x/ipl/qipl.h
+++ b/include/hw/s390x/ipl/qipl.h
@@ -61,7 +61,7 @@ struct QemuIplParameters {
uint32_t boot_menu_timeout;
uint8_t reserved3[2];
uint16_t chain_len;
- uint64_t next_iplb;
+ uint64_t ipl_data;
} QEMU_PACKED;
typedef struct QemuIplParameters QemuIplParameters;
diff --git a/pc-bios/s390-ccw/iplb.h b/pc-bios/s390-ccw/iplb.h
index c92a3d0f0c..c807e7f49b 100644
--- a/pc-bios/s390-ccw/iplb.h
+++ b/pc-bios/s390-ccw/iplb.h
@@ -61,11 +61,11 @@ static inline bool load_next_iplb(void)
}
qipl.index++;
- next_iplb = (IplParameterBlock *) qipl.next_iplb;
+ next_iplb = (IplParameterBlock *) qipl.ipl_data;
memcpy(iplb, next_iplb, sizeof(IplParameterBlock));
qipl.chain_len--;
- qipl.next_iplb = qipl.next_iplb + sizeof(IplParameterBlock);
+ qipl.ipl_data = qipl.ipl_data + sizeof(IplParameterBlock);
return true;
}
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 18/35] hw/s390x/ipl: Rework s390_ipl_map_iplb_chain for certificate storage
2026-07-01 20:49 ` [PATCH v12 18/35] hw/s390x/ipl: Rework s390_ipl_map_iplb_chain for certificate storage Zhuoying Cai
@ 2026-07-02 14:56 ` Eric Farman
2026-07-02 15:38 ` Jared Rossi
0 siblings, 1 reply; 71+ messages in thread
From: Eric Farman @ 2026-07-02 14:56 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On Wed, 2026-07-01 at 16:49 -0400, Zhuoying Cai wrote:
> Rework s390_ipl_map_iplb_chain to always allocate maximum memory for
> the IPLB chain, regardless of the number of boot devices. This space
> is also used to store certificates during secure boot, providing a
> safe location for certificates until the kernel reads them during boot.
>
> Rename next_iplb to ipl_data to better reflect its multiple purposes:
> storing both IPLB chains and certificate data.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> hw/s390x/ipl.c | 13 ++++++++++---
> include/hw/s390x/ipl/qipl.h | 2 +-
> pc-bios/s390-ccw/iplb.h | 4 ++--
> 3 files changed, 13 insertions(+), 6 deletions(-)
>
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index 9cb41511e8..7734b6edc7 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -425,10 +425,9 @@ static S390PCIBusDevice *s390_get_pci_device(DeviceState *dev_st, int *devtype)
> return pbdev;
> }
>
> -static uint64_t s390_ipl_map_iplb_chain(IplParameterBlock *iplb_chain)
> +static uint64_t s390_ipl_map_iplb_chain(IplParameterBlock *iplb_chain, uint16_t count)
> {
> S390IPLState *ipl = get_ipl_device();
> - uint16_t count = be16_to_cpu(ipl->qipl.chain_len);
> uint64_t len = sizeof(IplParameterBlock) * count;
> uint64_t chain_addr = find_iplb_chain_addr(ipl->bios_start_addr, count);
>
> @@ -629,8 +628,16 @@ static bool s390_init_all_iplbs(S390IPLState *ipl)
> dev_st = get_boot_device(i);
> s390_build_iplb(dev_st, &iplb_chain[i - 1]);
> }
> + }
>
> - ipl->qipl.next_iplb = cpu_to_be64(s390_ipl_map_iplb_chain(iplb_chain));
> + /*
> + * Allocate maximum space for IPLB chain and/or certificate storage.
> + * Once a valid boot device is found, this space will be used to store
> + * certificates if secure boot is enabled.
> + */
> + if (iplb_num > 1 || s390_has_certificate()) {
> + ipl->qipl.ipl_data = cpu_to_be64(s390_ipl_map_iplb_chain(iplb_chain,
> + MAX_BOOT_DEVS - 1));
I think iplb_chain needs to be explicitly initialized to zero now that you're allocating a larger
space. load_next_iplb() is still honoring the length of the count when walking the IPLBs, but the
above does a memcpy of the whole array.
> }
>
> return iplb_num;
> diff --git a/include/hw/s390x/ipl/qipl.h b/include/hw/s390x/ipl/qipl.h
> index a2180719b1..2b29dfa8c5 100644
> --- a/include/hw/s390x/ipl/qipl.h
> +++ b/include/hw/s390x/ipl/qipl.h
> @@ -61,7 +61,7 @@ struct QemuIplParameters {
> uint32_t boot_menu_timeout;
> uint8_t reserved3[2];
> uint16_t chain_len;
> - uint64_t next_iplb;
> + uint64_t ipl_data;
> } QEMU_PACKED;
> typedef struct QemuIplParameters QemuIplParameters;
>
> diff --git a/pc-bios/s390-ccw/iplb.h b/pc-bios/s390-ccw/iplb.h
> index c92a3d0f0c..c807e7f49b 100644
> --- a/pc-bios/s390-ccw/iplb.h
> +++ b/pc-bios/s390-ccw/iplb.h
> @@ -61,11 +61,11 @@ static inline bool load_next_iplb(void)
> }
>
> qipl.index++;
> - next_iplb = (IplParameterBlock *) qipl.next_iplb;
> + next_iplb = (IplParameterBlock *) qipl.ipl_data;
> memcpy(iplb, next_iplb, sizeof(IplParameterBlock));
>
> qipl.chain_len--;
> - qipl.next_iplb = qipl.next_iplb + sizeof(IplParameterBlock);
> + qipl.ipl_data = qipl.ipl_data + sizeof(IplParameterBlock);
>
> return true;
> }
^ permalink raw reply [flat|nested] 71+ messages in thread* Re: [PATCH v12 18/35] hw/s390x/ipl: Rework s390_ipl_map_iplb_chain for certificate storage
2026-07-02 14:56 ` Eric Farman
@ 2026-07-02 15:38 ` Jared Rossi
0 siblings, 0 replies; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 15:38 UTC (permalink / raw)
To: Eric Farman, Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/2/26 10:56 AM, Eric Farman wrote:
> On Wed, 2026-07-01 at 16:49 -0400, Zhuoying Cai wrote:
>> Rework s390_ipl_map_iplb_chain to always allocate maximum memory for
>> the IPLB chain, regardless of the number of boot devices. This space
>> is also used to store certificates during secure boot, providing a
>> safe location for certificates until the kernel reads them during boot.
>>
>> Rename next_iplb to ipl_data to better reflect its multiple purposes:
>> storing both IPLB chains and certificate data.
>>
>> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
>> ---
>> hw/s390x/ipl.c | 13 ++++++++++---
>> include/hw/s390x/ipl/qipl.h | 2 +-
>> pc-bios/s390-ccw/iplb.h | 4 ++--
>> 3 files changed, 13 insertions(+), 6 deletions(-)
>>
>> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
>> index 9cb41511e8..7734b6edc7 100644
>> --- a/hw/s390x/ipl.c
>> +++ b/hw/s390x/ipl.c
>> @@ -425,10 +425,9 @@ static S390PCIBusDevice *s390_get_pci_device(DeviceState *dev_st, int *devtype)
>> return pbdev;
>> }
>>
>> -static uint64_t s390_ipl_map_iplb_chain(IplParameterBlock *iplb_chain)
>> +static uint64_t s390_ipl_map_iplb_chain(IplParameterBlock *iplb_chain, uint16_t count)
>> {
>> S390IPLState *ipl = get_ipl_device();
>> - uint16_t count = be16_to_cpu(ipl->qipl.chain_len);
>> uint64_t len = sizeof(IplParameterBlock) * count;
>> uint64_t chain_addr = find_iplb_chain_addr(ipl->bios_start_addr, count);
>>
>> @@ -629,8 +628,16 @@ static bool s390_init_all_iplbs(S390IPLState *ipl)
>> dev_st = get_boot_device(i);
>> s390_build_iplb(dev_st, &iplb_chain[i - 1]);
>> }
>> + }
>>
>> - ipl->qipl.next_iplb = cpu_to_be64(s390_ipl_map_iplb_chain(iplb_chain));
>> + /*
>> + * Allocate maximum space for IPLB chain and/or certificate storage.
>> + * Once a valid boot device is found, this space will be used to store
>> + * certificates if secure boot is enabled.
>> + */
>> + if (iplb_num > 1 || s390_has_certificate()) {
>> + ipl->qipl.ipl_data = cpu_to_be64(s390_ipl_map_iplb_chain(iplb_chain,
>> + MAX_BOOT_DEVS - 1));
> I think iplb_chain needs to be explicitly initialized to zero now that you're allocating a larger
> space. load_next_iplb() is still honoring the length of the count when walking the IPLBs, but the
> above does a memcpy of the whole array.
>
+1. Eric is correct. I missed this in my review. We copy all 7 IPLB
chain indices, but build_iplb() only populates the indices it actually
needs and the array isn't automatically cleared when it is first
declared, so it could potentially contain garbage at the end.
Thanks,
Jared Rossi
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 19/35] s390x: Guest support for Secure-IPL Facility
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (17 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 18/35] hw/s390x/ipl: Rework s390_ipl_map_iplb_chain for certificate storage Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-01 20:49 ` [PATCH v12 20/35] pc-bios/s390-ccw: Refactor zipl_run() Zhuoying Cai
` (15 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Introduce Secure-IPL (SIPL) facility.
Use fac_ipl to represent bytes 136 and 137 for IPL device facilities
of the SCLP Read Info block.
Availability of SIPL facility is determined by byte 136 bit 1 of the
SCLP Read Info block. Byte 136's facilities cannot be represented
without the availability of the extended-length-SCCB, so add it as a
check for consistency.
Secure IPL is not available for guests under protected virtualization.
This feature is available starting with the gen16 CPU model.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
hw/s390x/sclp.c | 2 ++
include/hw/s390x/sclp.h | 4 +++-
target/s390x/cpu_features.c | 4 ++++
target/s390x/cpu_features.h | 1 +
target/s390x/cpu_features_def.h.inc | 3 +++
target/s390x/cpu_models.c | 2 ++
target/s390x/gen-features.c | 2 ++
target/s390x/kvm/kvm.c | 3 +++
8 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index b9c3983df1..666bae33f0 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -146,6 +146,8 @@ static void read_SCP_info(SCLPDevice *sclp, SCCB *sccb)
if (s390_has_feat(S390_FEAT_EXTENDED_LENGTH_SCCB)) {
s390_get_feat_block(S390_FEAT_TYPE_SCLP_FAC134,
&read_info->fac134);
+ s390_get_feat_block(S390_FEAT_TYPE_SCLP_FAC_IPL,
+ read_info->fac_ipl);
}
read_info->facilities = cpu_to_be64(SCLP_HAS_CPU_INFO |
diff --git a/include/hw/s390x/sclp.h b/include/hw/s390x/sclp.h
index ddc61f1c21..a9595d8007 100644
--- a/include/hw/s390x/sclp.h
+++ b/include/hw/s390x/sclp.h
@@ -136,7 +136,9 @@ typedef struct ReadInfo {
uint32_t hmfai;
uint8_t _reserved7[134 - 128]; /* 128-133 */
uint8_t fac134;
- uint8_t _reserved8[144 - 135]; /* 135-143 */
+ uint8_t _reserved8;
+ uint8_t fac_ipl[2]; /* 136-137 */
+ uint8_t _reserved9[144 - 138]; /* 138-143 */
struct CPUEntry entries[];
/*
* When the Extended-Length SCCB (ELS) feature is enabled the
diff --git a/target/s390x/cpu_features.c b/target/s390x/cpu_features.c
index 436471f4b4..200bd8c15b 100644
--- a/target/s390x/cpu_features.c
+++ b/target/s390x/cpu_features.c
@@ -119,6 +119,7 @@ void s390_fill_feat_block(const S390FeatBitmap features, S390FeatType type,
* Some facilities are not available for CPUs in protected mode:
* - All SIE facilities because SIE is not available
* - DIAG318
+ * - Secure IPL Facility
*
* As VMs can move in and out of protected mode the CPU model
* doesn't protect us from that problem because it is only
@@ -149,6 +150,9 @@ void s390_fill_feat_block(const S390FeatBitmap features, S390FeatType type,
clear_be_bit(s390_feat_def(S390_FEAT_DIAG_318)->bit, data);
clear_be_bit(s390_feat_def(S390_FEAT_CERT_STORE)->bit, data);
break;
+ case S390_FEAT_TYPE_SCLP_FAC_IPL:
+ clear_be_bit(s390_feat_def(S390_FEAT_SIPL)->bit, data);
+ break;
default:
return;
}
diff --git a/target/s390x/cpu_features.h b/target/s390x/cpu_features.h
index 5635839d03..b038198555 100644
--- a/target/s390x/cpu_features.h
+++ b/target/s390x/cpu_features.h
@@ -24,6 +24,7 @@ typedef enum {
S390_FEAT_TYPE_SCLP_CONF_CHAR,
S390_FEAT_TYPE_SCLP_CONF_CHAR_EXT,
S390_FEAT_TYPE_SCLP_FAC134,
+ S390_FEAT_TYPE_SCLP_FAC_IPL,
S390_FEAT_TYPE_SCLP_CPU,
S390_FEAT_TYPE_MISC,
S390_FEAT_TYPE_PLO,
diff --git a/target/s390x/cpu_features_def.h.inc b/target/s390x/cpu_features_def.h.inc
index 2976ecd0ee..bcf8a666e4 100644
--- a/target/s390x/cpu_features_def.h.inc
+++ b/target/s390x/cpu_features_def.h.inc
@@ -140,6 +140,9 @@ DEF_FEAT(SIE_IBS, "ibs", SCLP_CONF_CHAR_EXT, 10, "SIE: Interlock-and-broadcast-s
DEF_FEAT(DIAG_318, "diag318", SCLP_FAC134, 0, "Control program name and version codes")
DEF_FEAT(CERT_STORE, "cstore", SCLP_FAC134, 5, "Certificate Store functions")
+/* Features exposed via SCLP SCCB Facilities byte 136 - 137 (bit numbers relative to byte-136) */
+DEF_FEAT(SIPL, "sipl", SCLP_FAC_IPL, 1, "Secure-IPL facility")
+
/* Features exposed via SCLP CPU info. */
DEF_FEAT(SIE_F2, "sief2", SCLP_CPU, 4, "SIE: interception format 2 (Virtual SIE)")
DEF_FEAT(SIE_SKEY, "skey", SCLP_CPU, 5, "SIE: Storage-key facility")
diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index 962f135f42..a52e34aa95 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -263,6 +263,7 @@ bool s390_has_feat(S390Feat feat)
case S390_FEAT_SIE_CMMA:
case S390_FEAT_SIE_PFMFI:
case S390_FEAT_SIE_IBS:
+ case S390_FEAT_SIPL:
case S390_FEAT_CONFIGURATION_TOPOLOGY:
return false;
break;
@@ -507,6 +508,7 @@ static void check_consistency(const S390CPUModel *model)
{ S390_FEAT_AP_QUEUE_INTERRUPT_CONTROL, S390_FEAT_AP },
{ S390_FEAT_DIAG_318, S390_FEAT_EXTENDED_LENGTH_SCCB },
{ S390_FEAT_CERT_STORE, S390_FEAT_EXTENDED_LENGTH_SCCB },
+ { S390_FEAT_SIPL, S390_FEAT_EXTENDED_LENGTH_SCCB },
{ S390_FEAT_NNPA, S390_FEAT_VECTOR },
{ S390_FEAT_RDP, S390_FEAT_LOCAL_TLB_CLEARING },
{ S390_FEAT_UV_FEAT_AP, S390_FEAT_AP },
diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
index 6c20c3a862..bd2060ab93 100644
--- a/target/s390x/gen-features.c
+++ b/target/s390x/gen-features.c
@@ -721,6 +721,7 @@ static uint16_t full_GEN16_GA1[] = {
S390_FEAT_UV_FEAT_AP,
S390_FEAT_UV_FEAT_AP_INTR,
S390_FEAT_CERT_STORE,
+ S390_FEAT_SIPL,
};
static uint16_t full_GEN17_GA1[] = {
@@ -922,6 +923,7 @@ static uint16_t qemu_MAX[] = {
S390_FEAT_PRNO_TRNG,
S390_FEAT_EXTENDED_LENGTH_SCCB,
S390_FEAT_CERT_STORE,
+ S390_FEAT_SIPL,
};
/****** END FEATURE DEFS ******/
diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
index 56795837f5..61ac6c84a0 100644
--- a/target/s390x/kvm/kvm.c
+++ b/target/s390x/kvm/kvm.c
@@ -2501,6 +2501,9 @@ bool kvm_s390_get_host_cpu_model(S390CPUModel *model, Error **errp)
set_bit(S390_FEAT_CERT_STORE, model->features);
+ /* Some Secure IPL facilities are emulated by QEMU */
+ set_bit(S390_FEAT_SIPL, model->features);
+
/* Test for Ultravisor features that influence secure guest behavior */
query_uv_feat_guest(model->features);
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 20/35] pc-bios/s390-ccw: Refactor zipl_run()
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (18 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 19/35] s390x: Guest support for Secure-IPL Facility Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-01 20:49 ` [PATCH v12 21/35] pc-bios/s390-ccw: Rework zipl_load_segment function Zhuoying Cai
` (14 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Refactor to enhance readability before enabling secure IPL in later
patches.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
---
pc-bios/s390-ccw/bootmap.c | 51 ++++++++++++++++++++++++--------------
1 file changed, 33 insertions(+), 18 deletions(-)
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index 420ee32eff..b9ba004cfc 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -674,12 +674,42 @@ static int zipl_load_segment(ComponentEntry *entry)
return 0;
}
+static int zipl_run_normal(ComponentEntry **entry_ptr, uint8_t *tmp_sec)
+{
+ ComponentEntry *entry = *entry_ptr;
+
+ while (entry->component_type == ZIPL_COMP_ENTRY_LOAD ||
+ entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
+
+ /* Secure boot is off, so we skip signature entries */
+ if (entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
+ entry++;
+ continue;
+ }
+
+ if (zipl_load_segment(entry)) {
+ return -1;
+ }
+
+ entry++;
+
+ if ((uint8_t *)&entry[1] > tmp_sec + MAX_SECTOR_SIZE) {
+ puts("Wrong entry value");
+ return -EINVAL;
+ }
+ }
+
+ *entry_ptr = entry;
+ return 0;
+}
+
/* Run a zipl program */
static int zipl_run(ScsiBlockPtr *pte)
{
ComponentHeader *header;
ComponentEntry *entry;
uint8_t tmp_sec[MAX_SECTOR_SIZE];
+ int rc;
if (virtio_read(pte->blockno, tmp_sec)) {
puts("Cannot read header");
@@ -700,25 +730,10 @@ static int zipl_run(ScsiBlockPtr *pte)
/* Load image(s) into RAM */
entry = (ComponentEntry *)(&header[1]);
- while (entry->component_type == ZIPL_COMP_ENTRY_LOAD ||
- entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
-
- /* We don't support secure boot yet, so we skip signature entries */
- if (entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
- entry++;
- continue;
- }
-
- if (zipl_load_segment(entry)) {
- return -1;
- }
- entry++;
-
- if ((uint8_t *)(&entry[1]) > (tmp_sec + MAX_SECTOR_SIZE)) {
- puts("Wrong entry value");
- return -EINVAL;
- }
+ rc = zipl_run_normal(&entry, tmp_sec);
+ if (rc) {
+ return rc;
}
if (entry->component_type != ZIPL_COMP_ENTRY_EXEC) {
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 21/35] pc-bios/s390-ccw: Rework zipl_load_segment function
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (19 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 20/35] pc-bios/s390-ccw: Refactor zipl_run() Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 1:58 ` Jared Rossi
2026-07-01 20:49 ` [PATCH v12 22/35] pc-bios/s390-ccw: Introduce ZiplBootMode enum for IPL mode selection Zhuoying Cai
` (13 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Change zipl_load_segment() to accept explicit blockno and address
parameters instead of ComponentEntry pointer and return segment length.
Modify this function to allow the caller to specify a memory address
where segment data should be loaded into.
seg_len variable is necessary to store the calculated segment length and
is used during signature verification. Return the length on success, or
a negative return code on failure.
Remove static qualifier and add function declaration to bootmap.h to
make it accessible to other modules.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
---
pc-bios/s390-ccw/bootmap.c | 18 ++++++++++--------
pc-bios/s390-ccw/bootmap.h | 2 ++
2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index b9ba004cfc..b19981feb1 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -613,19 +613,19 @@ static int ipl_eckd(void)
* IPL a SCSI disk
*/
-static int zipl_load_segment(ComponentEntry *entry)
+/*
+ * Returns: length of the segment on success,
+ * negative value on error.
+ */
+int zipl_load_segment(block_number_t blockno, uint64_t address)
{
const int max_entries = (MAX_SECTOR_SIZE / sizeof(ScsiBlockPtr));
ScsiBlockPtr *bprs = (void *)sec;
const int bprs_size = sizeof(sec);
- block_number_t blockno;
- uint64_t address;
int i;
char err_msg[] = "zIPL failed to read BPRS at 0xZZZZZZZZZZZZZZZZ";
char *blk_no = &err_msg[30]; /* where to print blockno in (those ZZs) */
-
- blockno = entry->data.blockno;
- address = entry->compdat.load_addr;
+ int seg_len = 0;
debug_print_int("loading segment at block", blockno);
debug_print_int("addr", address);
@@ -668,10 +668,12 @@ static int zipl_load_segment(ComponentEntry *entry)
puts("zIPL load segment failed");
return -EIO;
}
+
+ seg_len += bprs->size * (bprs[i].blockct + 1);
}
} while (blockno);
- return 0;
+ return seg_len;
}
static int zipl_run_normal(ComponentEntry **entry_ptr, uint8_t *tmp_sec)
@@ -687,7 +689,7 @@ static int zipl_run_normal(ComponentEntry **entry_ptr, uint8_t *tmp_sec)
continue;
}
- if (zipl_load_segment(entry)) {
+ if (zipl_load_segment(entry->data.blockno, entry->compdat.load_addr) < 0) {
return -1;
}
diff --git a/pc-bios/s390-ccw/bootmap.h b/pc-bios/s390-ccw/bootmap.h
index 95943441d3..8d61ac383c 100644
--- a/pc-bios/s390-ccw/bootmap.h
+++ b/pc-bios/s390-ccw/bootmap.h
@@ -113,6 +113,8 @@ typedef struct ScsiMbr {
ScsiBlockPtr pt; /* block pointer to program table */
} __attribute__ ((packed)) ScsiMbr;
+int zipl_load_segment(block_number_t blockno, uint64_t address);
+
#define ZIPL_MAGIC "zIPL"
#define ZIPL_MAGIC_EBCDIC "\xa9\xc9\xd7\xd3"
#define IPL1_MAGIC "\xc9\xd7\xd3\xf1" /* == "IPL1" in EBCDIC */
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 21/35] pc-bios/s390-ccw: Rework zipl_load_segment function
2026-07-01 20:49 ` [PATCH v12 21/35] pc-bios/s390-ccw: Rework zipl_load_segment function Zhuoying Cai
@ 2026-07-02 1:58 ` Jared Rossi
0 siblings, 0 replies; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 1:58 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:49 PM, Zhuoying Cai wrote:
> Change zipl_load_segment() to accept explicit blockno and address
> parameters instead of ComponentEntry pointer and return segment length.
>
> Modify this function to allow the caller to specify a memory address
> where segment data should be loaded into.
>
> seg_len variable is necessary to store the calculated segment length and
> is used during signature verification. Return the length on success, or
> a negative return code on failure.
>
> Remove static qualifier and add function declaration to bootmap.h to
> make it accessible to other modules.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> Reviewed-by: Thomas Huth <thuth@redhat.com>
> Reviewed-by: Collin Walling <walling@linux.ibm.com>
> ---
> pc-bios/s390-ccw/bootmap.c | 18 ++++++++++--------
> pc-bios/s390-ccw/bootmap.h | 2 ++
> 2 files changed, 12 insertions(+), 8 deletions(-)
>
> diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
> index b9ba004cfc..b19981feb1 100644
> --- a/pc-bios/s390-ccw/bootmap.c
> +++ b/pc-bios/s390-ccw/bootmap.c
> @@ -613,19 +613,19 @@ static int ipl_eckd(void)
> * IPL a SCSI disk
> */
>
> -static int zipl_load_segment(ComponentEntry *entry)
> +/*
> + * Returns: length of the segment on success,
> + * negative value on error.
> + */
> +int zipl_load_segment(block_number_t blockno, uint64_t address)
> {
> const int max_entries = (MAX_SECTOR_SIZE / sizeof(ScsiBlockPtr));
> ScsiBlockPtr *bprs = (void *)sec;
> const int bprs_size = sizeof(sec);
> - block_number_t blockno;
> - uint64_t address;
> int i;
> char err_msg[] = "zIPL failed to read BPRS at 0xZZZZZZZZZZZZZZZZ";
> char *blk_no = &err_msg[30]; /* where to print blockno in (those ZZs) */
> -
> - blockno = entry->data.blockno;
> - address = entry->compdat.load_addr;
> + int seg_len = 0;
>
> debug_print_int("loading segment at block", blockno);
> debug_print_int("addr", address);
> @@ -668,10 +668,12 @@ static int zipl_load_segment(ComponentEntry *entry)
> puts("zIPL load segment failed");
> return -EIO;
> }
> +
> + seg_len += bprs->size * (bprs[i].blockct + 1);
> }
> } while (blockno);
>
> - return 0;
> + return seg_len;
> }
>
> static int zipl_run_normal(ComponentEntry **entry_ptr, uint8_t *tmp_sec)
> @@ -687,7 +689,7 @@ static int zipl_run_normal(ComponentEntry **entry_ptr, uint8_t *tmp_sec)
> continue;
> }
>
> - if (zipl_load_segment(entry)) {
> + if (zipl_load_segment(entry->data.blockno, entry->compdat.load_addr) < 0) {
> return -1;
> }
>
> diff --git a/pc-bios/s390-ccw/bootmap.h b/pc-bios/s390-ccw/bootmap.h
> index 95943441d3..8d61ac383c 100644
> --- a/pc-bios/s390-ccw/bootmap.h
> +++ b/pc-bios/s390-ccw/bootmap.h
> @@ -113,6 +113,8 @@ typedef struct ScsiMbr {
> ScsiBlockPtr pt; /* block pointer to program table */
> } __attribute__ ((packed)) ScsiMbr;
>
> +int zipl_load_segment(block_number_t blockno, uint64_t address);
> +
> #define ZIPL_MAGIC "zIPL"
> #define ZIPL_MAGIC_EBCDIC "\xa9\xc9\xd7\xd3"
> #define IPL1_MAGIC "\xc9\xd7\xd3\xf1" /* == "IPL1" in EBCDIC */
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 22/35] pc-bios/s390-ccw: Introduce ZiplBootMode enum for IPL mode selection
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (20 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 21/35] pc-bios/s390-ccw: Rework zipl_load_segment function Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 2:01 ` Jared Rossi
2026-07-01 20:49 ` [PATCH v12 23/35] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode Zhuoying Cai
` (12 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Add ZiplBootMode enumeration to support multiple IPL boot configurations.
Boot modes differentiate between normal boot and secure IPL operations,
enabled based on boot certificates specified via the boot-certs option.
Normal Mode: IPL when no certificates are provided. No signature
verification is performed.
This prepares for future secure IPL modes requiring signature
verification.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
---
docs/system/s390x/secure-ipl.rst | 21 +++++++++++++++++++++
pc-bios/s390-ccw/bootmap.c | 16 +++++++++++++++-
pc-bios/s390-ccw/main.c | 6 ++++++
pc-bios/s390-ccw/s390-ccw.h | 6 ++++++
4 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/docs/system/s390x/secure-ipl.rst b/docs/system/s390x/secure-ipl.rst
index 88df52ce2f..9d7d33f5ed 100644
--- a/docs/system/s390x/secure-ipl.rst
+++ b/docs/system/s390x/secure-ipl.rst
@@ -18,3 +18,24 @@ Note: certificate files must have a .pem extension.
.. code-block:: shell
qemu-system-s390x -machine s390-ccw-virtio,boot-certs.0.path=/.../qemu/certs,boot-certs.1.path=/another/path/cert.pem ...
+
+
+IPL Modes
+---------
+
+Multiple IPL modes are available to differentiate between the various IPL
+configurations. These modes are mutually exclusive and enabled based on the
+``boot-certs`` option on the QEMU command line.
+
+Normal Mode
+^^^^^^^^^^^
+
+The absence of certificates will attempt to IPL a guest without secure IPL
+operations. No checks are performed, and no warnings/errors are reported.
+This is the default mode.
+
+Configuration:
+
+.. code-block:: shell
+
+ qemu-system-s390x -machine s390-ccw-virtio ...
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index b19981feb1..667a69f80d 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -733,7 +733,14 @@ static int zipl_run(ScsiBlockPtr *pte)
/* Load image(s) into RAM */
entry = (ComponentEntry *)(&header[1]);
- rc = zipl_run_normal(&entry, tmp_sec);
+ switch (boot_mode) {
+ case ZIPL_BOOT_MODE_NORMAL:
+ rc = zipl_run_normal(&entry, tmp_sec);
+ break;
+ default:
+ panic("Unknown boot mode");
+ }
+
if (rc) {
return rc;
}
@@ -1105,12 +1112,16 @@ void zipl_load(void)
VDev *vdev = virtio_get_device();
if (vdev->is_cdrom) {
+ IPL_assert((boot_mode == ZIPL_BOOT_MODE_NORMAL),
+ "Secure boot from ISO image is not supported!");
ipl_iso_el_torito();
puts("Failed to IPL this ISO image!");
return;
}
if (virtio_get_device_type() == VIRTIO_ID_NET) {
+ IPL_assert((boot_mode == ZIPL_BOOT_MODE_NORMAL),
+ "Virtio net boot device does not support secure boot!");
netmain();
puts("Failed to IPL from this network!");
return;
@@ -1121,6 +1132,9 @@ void zipl_load(void)
return;
}
+ IPL_assert((boot_mode == ZIPL_BOOT_MODE_NORMAL),
+ "Secure boot with the ECKD scheme is not supported!");
+
switch (virtio_get_device_type()) {
case VIRTIO_ID_BLOCK:
zipl_load_vblk();
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index b8f836c682..cd3d0776b0 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -30,6 +30,7 @@ IplParameterBlock *iplb;
bool have_iplb;
static uint16_t cutype;
LowCore *lowcore; /* Yes, this *is* a pointer to address 0 */
+ZiplBootMode boot_mode;
#define LOADPARM_PROMPT "PROMPT "
#define LOADPARM_EMPTY " "
@@ -303,6 +304,9 @@ static void ipl_ccw_device(void)
switch (cutype) {
case CU_TYPE_DASD_3990:
case CU_TYPE_DASD_2107:
+ IPL_assert((boot_mode == ZIPL_BOOT_MODE_NORMAL),
+ "Passthrough (vfio) CCW device does not support secure boot!");
+
dasd_ipl(blk_schid, cutype);
break;
case CU_TYPE_VIRTIO:
@@ -390,6 +394,8 @@ void main(void)
probe_boot_device();
}
+ boot_mode = ZIPL_BOOT_MODE_NORMAL;
+
while (have_iplb) {
boot_setup();
if (have_iplb && find_boot_device()) {
diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
index 1e1f71775e..5420443ad2 100644
--- a/pc-bios/s390-ccw/s390-ccw.h
+++ b/pc-bios/s390-ccw/s390-ccw.h
@@ -69,6 +69,12 @@ int sclp_read(char *str, size_t count);
/* bootmap.c */
void zipl_load(void);
+typedef enum ZiplBootMode {
+ ZIPL_BOOT_MODE_NORMAL = 0,
+} ZiplBootMode;
+
+extern ZiplBootMode boot_mode;
+
/* jump2ipl.c */
void write_reset_psw(uint64_t psw);
int jump_to_IPL_code(uint64_t address);
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 22/35] pc-bios/s390-ccw: Introduce ZiplBootMode enum for IPL mode selection
2026-07-01 20:49 ` [PATCH v12 22/35] pc-bios/s390-ccw: Introduce ZiplBootMode enum for IPL mode selection Zhuoying Cai
@ 2026-07-02 2:01 ` Jared Rossi
0 siblings, 0 replies; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 2:01 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:49 PM, Zhuoying Cai wrote:
> Add ZiplBootMode enumeration to support multiple IPL boot configurations.
> Boot modes differentiate between normal boot and secure IPL operations,
> enabled based on boot certificates specified via the boot-certs option.
>
> Normal Mode: IPL when no certificates are provided. No signature
> verification is performed.
>
> This prepares for future secure IPL modes requiring signature
> verification.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> Reviewed-by: Collin Walling <walling@linux.ibm.com>
> ---
> docs/system/s390x/secure-ipl.rst | 21 +++++++++++++++++++++
> pc-bios/s390-ccw/bootmap.c | 16 +++++++++++++++-
> pc-bios/s390-ccw/main.c | 6 ++++++
> pc-bios/s390-ccw/s390-ccw.h | 6 ++++++
> 4 files changed, 48 insertions(+), 1 deletion(-)
>
> diff --git a/docs/system/s390x/secure-ipl.rst b/docs/system/s390x/secure-ipl.rst
> index 88df52ce2f..9d7d33f5ed 100644
> --- a/docs/system/s390x/secure-ipl.rst
> +++ b/docs/system/s390x/secure-ipl.rst
> @@ -18,3 +18,24 @@ Note: certificate files must have a .pem extension.
> .. code-block:: shell
>
> qemu-system-s390x -machine s390-ccw-virtio,boot-certs.0.path=/.../qemu/certs,boot-certs.1.path=/another/path/cert.pem ...
> +
> +
> +IPL Modes
> +---------
> +
> +Multiple IPL modes are available to differentiate between the various IPL
> +configurations. These modes are mutually exclusive and enabled based on the
> +``boot-certs`` option on the QEMU command line.
> +
> +Normal Mode
> +^^^^^^^^^^^
> +
> +The absence of certificates will attempt to IPL a guest without secure IPL
> +operations. No checks are performed, and no warnings/errors are reported.
> +This is the default mode.
> +
> +Configuration:
> +
> +.. code-block:: shell
> +
> + qemu-system-s390x -machine s390-ccw-virtio ...
> diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
> index b19981feb1..667a69f80d 100644
> --- a/pc-bios/s390-ccw/bootmap.c
> +++ b/pc-bios/s390-ccw/bootmap.c
> @@ -733,7 +733,14 @@ static int zipl_run(ScsiBlockPtr *pte)
> /* Load image(s) into RAM */
> entry = (ComponentEntry *)(&header[1]);
>
> - rc = zipl_run_normal(&entry, tmp_sec);
> + switch (boot_mode) {
> + case ZIPL_BOOT_MODE_NORMAL:
> + rc = zipl_run_normal(&entry, tmp_sec);
> + break;
> + default:
> + panic("Unknown boot mode");
> + }
> +
> if (rc) {
> return rc;
> }
> @@ -1105,12 +1112,16 @@ void zipl_load(void)
> VDev *vdev = virtio_get_device();
>
> if (vdev->is_cdrom) {
> + IPL_assert((boot_mode == ZIPL_BOOT_MODE_NORMAL),
> + "Secure boot from ISO image is not supported!");
> ipl_iso_el_torito();
> puts("Failed to IPL this ISO image!");
> return;
> }
>
> if (virtio_get_device_type() == VIRTIO_ID_NET) {
> + IPL_assert((boot_mode == ZIPL_BOOT_MODE_NORMAL),
> + "Virtio net boot device does not support secure boot!");
> netmain();
> puts("Failed to IPL from this network!");
> return;
> @@ -1121,6 +1132,9 @@ void zipl_load(void)
> return;
> }
>
> + IPL_assert((boot_mode == ZIPL_BOOT_MODE_NORMAL),
> + "Secure boot with the ECKD scheme is not supported!");
> +
> switch (virtio_get_device_type()) {
> case VIRTIO_ID_BLOCK:
> zipl_load_vblk();
> diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
> index b8f836c682..cd3d0776b0 100644
> --- a/pc-bios/s390-ccw/main.c
> +++ b/pc-bios/s390-ccw/main.c
> @@ -30,6 +30,7 @@ IplParameterBlock *iplb;
> bool have_iplb;
> static uint16_t cutype;
> LowCore *lowcore; /* Yes, this *is* a pointer to address 0 */
> +ZiplBootMode boot_mode;
>
> #define LOADPARM_PROMPT "PROMPT "
> #define LOADPARM_EMPTY " "
> @@ -303,6 +304,9 @@ static void ipl_ccw_device(void)
> switch (cutype) {
> case CU_TYPE_DASD_3990:
> case CU_TYPE_DASD_2107:
> + IPL_assert((boot_mode == ZIPL_BOOT_MODE_NORMAL),
> + "Passthrough (vfio) CCW device does not support secure boot!");
> +
> dasd_ipl(blk_schid, cutype);
> break;
> case CU_TYPE_VIRTIO:
> @@ -390,6 +394,8 @@ void main(void)
> probe_boot_device();
> }
>
> + boot_mode = ZIPL_BOOT_MODE_NORMAL;
> +
> while (have_iplb) {
> boot_setup();
> if (have_iplb && find_boot_device()) {
> diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
> index 1e1f71775e..5420443ad2 100644
> --- a/pc-bios/s390-ccw/s390-ccw.h
> +++ b/pc-bios/s390-ccw/s390-ccw.h
> @@ -69,6 +69,12 @@ int sclp_read(char *str, size_t count);
> /* bootmap.c */
> void zipl_load(void);
>
> +typedef enum ZiplBootMode {
> + ZIPL_BOOT_MODE_NORMAL = 0,
> +} ZiplBootMode;
> +
> +extern ZiplBootMode boot_mode;
> +
> /* jump2ipl.c */
> void write_reset_psw(uint64_t psw);
> int jump_to_IPL_code(uint64_t address);
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 23/35] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (21 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 22/35] pc-bios/s390-ccw: Introduce ZiplBootMode enum for IPL mode selection Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 4:08 ` Eric Farman
2026-07-02 14:13 ` Jared Rossi
2026-07-01 20:49 ` [PATCH v12 24/35] pc-bios/s390-ccw: Add signed component address overlap checks Zhuoying Cai
` (11 subsequent siblings)
34 siblings, 2 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Enable secure IPL in audit mode, which performs signature verification,
but any error does not terminate the boot process. Only warnings will be
logged to the console instead.
Secure IPL in audit mode requires at least one certificate provided in
the key store along with necessary facilities (Secure IPL Facility,
Certificate Store Facility and secure IPL extension support).
Note: Secure IPL in audit mode is implemented for the SCSI scheme of
virtio-blk/virtio-scsi devices.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
docs/system/s390x/secure-ipl.rst | 15 ++
pc-bios/s390-ccw/Makefile | 2 +-
pc-bios/s390-ccw/bootmap.c | 27 +++
pc-bios/s390-ccw/bootmap.h | 9 +
pc-bios/s390-ccw/jump2ipl.c | 7 +
pc-bios/s390-ccw/main.c | 18 +-
pc-bios/s390-ccw/s390-ccw.h | 20 ++
pc-bios/s390-ccw/sclp.c | 27 +++
pc-bios/s390-ccw/sclp.h | 6 +
pc-bios/s390-ccw/secure-ipl.c | 362 +++++++++++++++++++++++++++++++
pc-bios/s390-ccw/secure-ipl.h | 116 ++++++++++
11 files changed, 607 insertions(+), 2 deletions(-)
create mode 100644 pc-bios/s390-ccw/secure-ipl.c
create mode 100644 pc-bios/s390-ccw/secure-ipl.h
diff --git a/docs/system/s390x/secure-ipl.rst b/docs/system/s390x/secure-ipl.rst
index 9d7d33f5ed..cf6ccf5d57 100644
--- a/docs/system/s390x/secure-ipl.rst
+++ b/docs/system/s390x/secure-ipl.rst
@@ -39,3 +39,18 @@ Configuration:
.. code-block:: shell
qemu-system-s390x -machine s390-ccw-virtio ...
+
+Audit Mode
+^^^^^^^^^^
+
+When the certificate store is populated with at least one certificate
+and no additional secure IPL parameters are provided on the command
+line, then secure IPL will proceed in "audit mode". All secure IPL
+operations will be performed with signature verification errors reported
+as non-disruptive warnings.
+
+Configuration:
+
+.. code-block:: shell
+
+ qemu-system-s390x -machine s390-ccw-virtio,boot-certs.0.path=/.../qemu/certs,boot-certs.1.path=/another/path/cert.pem ...
diff --git a/pc-bios/s390-ccw/Makefile b/pc-bios/s390-ccw/Makefile
index 3e5dfb64d5..2109d16781 100644
--- a/pc-bios/s390-ccw/Makefile
+++ b/pc-bios/s390-ccw/Makefile
@@ -35,7 +35,7 @@ QEMU_DGFLAGS = -MMD -MP -MT $@ -MF $(@D)/$(*F).d
OBJECTS = start.o main.o bootmap.o jump2ipl.o sclp.o menu.o netmain.o \
virtio.o virtio-net.o virtio-scsi.o virtio-blkdev.o cio.o dasd-ipl.o \
- virtio-ccw.o clp.o pci.o virtio-pci.o
+ virtio-ccw.o clp.o pci.o virtio-pci.o secure-ipl.o
SLOF_DIR := $(SRC_PATH)/../../roms/SLOF
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index 667a69f80d..1147124bd7 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -10,11 +10,13 @@
#include <string.h>
#include <stdio.h>
+#include <stdlib.h>
#include "s390-ccw.h"
#include "s390-arch.h"
#include "bootmap.h"
#include "virtio.h"
#include "bswap.h"
+#include "secure-ipl.h"
#ifdef DEBUG
/* #define DEBUG_FALLBACK */
@@ -711,6 +713,9 @@ static int zipl_run(ScsiBlockPtr *pte)
ComponentHeader *header;
ComponentEntry *entry;
uint8_t tmp_sec[MAX_SECTOR_SIZE];
+ IplDeviceComponentList comp_list = { 0 };
+ IplSignatureCertificateList cert_list = { 0 };
+ uint8_t *tmp_cert_buf = NULL;
int rc;
if (virtio_read(pte->blockno, tmp_sec)) {
@@ -737,6 +742,9 @@ static int zipl_run(ScsiBlockPtr *pte)
case ZIPL_BOOT_MODE_NORMAL:
rc = zipl_run_normal(&entry, tmp_sec);
break;
+ case ZIPL_BOOT_MODE_SECURE_AUDIT:
+ rc = zipl_run_secure(&entry, tmp_sec, &comp_list, &cert_list, &tmp_cert_buf);
+ break;
default:
panic("Unknown boot mode");
}
@@ -752,6 +760,13 @@ static int zipl_run(ScsiBlockPtr *pte)
/* should not return */
write_reset_psw(entry->compdat.load_psw);
+
+ if (boot_mode == ZIPL_BOOT_MODE_SECURE_AUDIT) {
+ update_cert_list(&cert_list);
+ update_iirb(&comp_list, &cert_list);
+ free(tmp_cert_buf);
+ }
+
jump_to_IPL_code(0);
return -1;
}
@@ -1107,6 +1122,18 @@ static int zipl_load_vscsi(void)
* IPL starts here
*/
+ZiplBootMode get_boot_mode(uint8_t hdr_flags)
+{
+ bool sipl_set = hdr_flags & DIAG308_IPIB_FLAGS_SIPL;
+ bool iplir_set = hdr_flags & DIAG308_IPIB_FLAGS_IPLIR;
+
+ if (!sipl_set && iplir_set) {
+ return ZIPL_BOOT_MODE_SECURE_AUDIT;
+ }
+
+ return ZIPL_BOOT_MODE_NORMAL;
+}
+
void zipl_load(void)
{
VDev *vdev = virtio_get_device();
diff --git a/pc-bios/s390-ccw/bootmap.h b/pc-bios/s390-ccw/bootmap.h
index 8d61ac383c..1e00454a1f 100644
--- a/pc-bios/s390-ccw/bootmap.h
+++ b/pc-bios/s390-ccw/bootmap.h
@@ -88,9 +88,18 @@ typedef struct BootMapTable {
BootMapPointer entry[];
} __attribute__ ((packed)) BootMapTable;
+#define DER_SIGNATURE_FORMAT 1
+
+typedef struct SignatureInformation {
+ uint8_t format;
+ uint8_t reserved[3];
+ uint32_t sig_len;
+} SignatureInformation;
+
typedef union ComponentEntryData {
uint64_t load_psw;
uint64_t load_addr;
+ SignatureInformation sig_info;
} ComponentEntryData;
typedef struct ComponentEntry {
diff --git a/pc-bios/s390-ccw/jump2ipl.c b/pc-bios/s390-ccw/jump2ipl.c
index fa2ca5cbe1..8e87c566f9 100644
--- a/pc-bios/s390-ccw/jump2ipl.c
+++ b/pc-bios/s390-ccw/jump2ipl.c
@@ -75,6 +75,13 @@ int jump_to_IPL_code(uint64_t address)
"diag %%r1,%%r1,0x308\n\t"
: : : "1", "memory");
puts("IPL code jump failed");
+
+ /*
+ * A failed jump only occurs in extreme conditions, so abort the IPL entirely.
+ * This also prevents attempts to boot from the chain area if it has been
+ * overwritten with component data.
+ */
+ qipl.chain_len = 0;
return -1;
}
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index cd3d0776b0..7484429c9a 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -20,6 +20,7 @@
#include "dasd-ipl.h"
#include "clp.h"
#include "virtio-pci.h"
+#include "secure-ipl.h"
static SubChannelId blk_schid = { .one = 1 };
static char loadparm_str[LOADPARM_LEN + 1];
@@ -383,6 +384,8 @@ static void probe_boot_device(void)
void main(void)
{
+ int vcssb_len;
+
iplb = &ipl_blocks.iplb;
copy_qipl();
@@ -394,7 +397,20 @@ void main(void)
probe_boot_device();
}
- boot_mode = ZIPL_BOOT_MODE_NORMAL;
+ boot_mode = get_boot_mode(iplb->hdr_flags);
+ switch (boot_mode) {
+ case ZIPL_BOOT_MODE_SECURE_AUDIT:
+ if (!secure_ipl_supported()) {
+ panic("Unable to boot in audit mode");
+ }
+
+ vcssb_len = zipl_secure_get_vcssb();
+ if (vcssb_len == 0) {
+ panic("Failed to query certificate storage information!");
+ }
+ default:
+ break;
+ }
while (have_iplb) {
boot_setup();
diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
index 5420443ad2..ca2737054d 100644
--- a/pc-bios/s390-ccw/s390-ccw.h
+++ b/pc-bios/s390-ccw/s390-ccw.h
@@ -40,6 +40,22 @@ typedef unsigned long long u64;
((b) == 0 ? (a) : (MIN(a, b))))
#endif
+/*
+ * Round number down to multiple. Requires that d be a power of 2.
+ * Works even if d is a smaller type than n.
+ */
+#ifndef ROUND_DOWN
+#define ROUND_DOWN(n, d) ((n) & -(0 ? (n) : (d)))
+#endif
+
+/*
+ * Round number up to multiple. Requires that d be a power of 2.
+ * Works even if d is a smaller type than n.
+ */
+#ifndef ROUND_UP
+#define ROUND_UP(n, d) ROUND_DOWN((n) + (d) - 1, (d))
+#endif
+
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#include "cio.h"
@@ -64,6 +80,8 @@ void sclp_print(const char *string);
void sclp_set_write_mask(uint32_t receive_mask, uint32_t send_mask);
void sclp_setup(void);
void sclp_get_loadparm_ascii(char *loadparm);
+bool sclp_is_diag320_on(void);
+bool sclp_is_fac_ipl_flag_on(uint16_t fac_ipl_flag);
int sclp_read(char *str, size_t count);
/* bootmap.c */
@@ -71,9 +89,11 @@ void zipl_load(void);
typedef enum ZiplBootMode {
ZIPL_BOOT_MODE_NORMAL = 0,
+ ZIPL_BOOT_MODE_SECURE_AUDIT = 1,
} ZiplBootMode;
extern ZiplBootMode boot_mode;
+ZiplBootMode get_boot_mode(uint8_t hdr_flags);
/* jump2ipl.c */
void write_reset_psw(uint64_t psw);
diff --git a/pc-bios/s390-ccw/sclp.c b/pc-bios/s390-ccw/sclp.c
index 4a07de018d..48bdfedf1f 100644
--- a/pc-bios/s390-ccw/sclp.c
+++ b/pc-bios/s390-ccw/sclp.c
@@ -113,6 +113,33 @@ void sclp_get_loadparm_ascii(char *loadparm)
}
}
+bool sclp_is_diag320_on(void)
+{
+ ReadInfo *sccb = (void *)_sccb;
+
+ memset((char *)_sccb, 0, sizeof(ReadInfo));
+ sccb->h.length = SCCB_SIZE;
+ if (!sclp_service_call(SCLP_CMDW_READ_SCP_INFO, sccb)) {
+ return sccb->fac134 & SCCB_FAC134_DIAG320_BIT;
+ }
+
+ return 0;
+}
+
+/* check if specified IPL facility flag is enabled */
+bool sclp_is_fac_ipl_flag_on(uint16_t fac_ipl_flag)
+{
+ ReadInfo *sccb = (void *)_sccb;
+
+ memset((char *)_sccb, 0, sizeof(ReadInfo));
+ sccb->h.length = SCCB_SIZE;
+ if (!sclp_service_call(SCLP_CMDW_READ_SCP_INFO, sccb)) {
+ return sccb->fac_ipl & fac_ipl_flag;
+ }
+
+ return 0;
+}
+
int sclp_read(char *str, size_t count)
{
ReadEventData *sccb = (void *)_sccb;
diff --git a/pc-bios/s390-ccw/sclp.h b/pc-bios/s390-ccw/sclp.h
index 64b53cad29..a8a41cd004 100644
--- a/pc-bios/s390-ccw/sclp.h
+++ b/pc-bios/s390-ccw/sclp.h
@@ -50,6 +50,8 @@ typedef struct SCCBHeader {
} __attribute__((packed)) SCCBHeader;
#define SCCB_DATA_LEN (SCCB_SIZE - sizeof(SCCBHeader))
+#define SCCB_FAC134_DIAG320_BIT 0x4
+#define SCCB_FAC_IPL_SIPL_BIT 0x4000
typedef struct ReadInfo {
SCCBHeader h;
@@ -57,6 +59,10 @@ typedef struct ReadInfo {
uint8_t rnsize;
uint8_t reserved[13];
uint8_t loadparm[LOADPARM_LEN];
+ uint8_t reserved1[102];
+ uint8_t fac134;
+ uint8_t reserved2;
+ uint16_t fac_ipl;
} __attribute__((packed)) ReadInfo;
typedef struct SCCB {
diff --git a/pc-bios/s390-ccw/secure-ipl.c b/pc-bios/s390-ccw/secure-ipl.c
new file mode 100644
index 0000000000..2d9a4cbc02
--- /dev/null
+++ b/pc-bios/s390-ccw/secure-ipl.c
@@ -0,0 +1,362 @@
+/*
+ * S/390 Secure IPL
+ *
+ * Functions to support IPL in secure boot mode (DIAG 320, DIAG 508,
+ * signature verification, and certificate handling).
+ *
+ * For secure IPL overview: docs/system/s390x/secure-ipl.rst
+ * For secure IPL technical: docs/specs/s390x-secure-ipl.rst
+ *
+ * Copyright 2025 IBM Corp.
+ * Author(s): Zhuoying Cai <zycai@linux.ibm.com>
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include "s390-ccw.h"
+#include "sclp.h"
+#include "secure-ipl.h"
+
+static VCStorageSizeBlock vcssb __attribute__((__aligned__(8)));
+
+#define for_each_rb_entry(entry, list) \
+ for (entry = (void *)(list) + sizeof((list)->ipl_info_header); \
+ (void *)(entry) + sizeof(*(entry)) <= \
+ (void *)(list) + (list)->ipl_info_header.len; \
+ entry++)
+
+int zipl_secure_get_vcssb(void)
+{
+ /* avoid retrieving vcssb multiple times */
+ if (vcssb.length == VCSSB_LEN_VALID) {
+ goto out;
+ }
+
+ vcssb.length = VCSSB_LEN_VALID;
+ if (_diag320(&vcssb, DIAG_320_SUBC_QUERY_VCSI) != DIAG_320_RC_OK) {
+ vcssb.length = 0;
+ }
+
+out:
+ return vcssb.length;
+}
+
+static uint32_t request_certificate(uint8_t *cert_buf, uint8_t index)
+{
+ VCEntryHeader *vce_hdr;
+ struct vcb {
+ VCBlockHeader vcb_hdr;
+ struct vce {
+ VCEntryHeader vce_hdr;
+ uint8_t cert_buf[CERT_BUF_MAX_LEN];
+ } vce;
+ } __attribute__((__aligned__(PAGE_SIZE))) vcb = { 0 };
+
+ /*
+ * Request single entry
+ * Fill input fields of single-entry VCB
+ *
+ * First and last index must be equal because only one
+ * VCE per VCB is currently supported
+ */
+ vcb.vcb_hdr.in_len = ROUND_UP(vcssb.max_single_vcb_len, PAGE_SIZE);
+ vcb.vcb_hdr.first_vc_index = index;
+ vcb.vcb_hdr.last_vc_index = index;
+
+ if (_diag320(&vcb, DIAG_320_SUBC_STORE_VC) != DIAG_320_RC_OK) {
+ puts("Could not get certificate");
+ return 0;
+ }
+
+ if (vcb.vcb_hdr.out_len == sizeof(VCBlockHeader)) {
+ puts("No certificate entry");
+ return 0;
+ }
+
+ if (vcb.vcb_hdr.remain_ct != 0) {
+ panic("Not enough memory to store requested certificate");
+ }
+
+ vce_hdr = &vcb.vce.vce_hdr;
+ if (!(vce_hdr->flags & DIAG_320_VCE_FLAGS_VALID)) {
+ puts("Invalid certificate");
+ return 0;
+ }
+
+ memcpy(cert_buf, (uint8_t *)&vcb.vce + vce_hdr->cert_offset, vce_hdr->cert_len);
+
+ return vce_hdr->cert_len;
+}
+
+static int cert_list_add(IplSignatureCertificateList *cert_list,
+ IplSignatureCertificateEntry cert_entry)
+{
+ int cert_entry_idx;
+
+ cert_entry_idx = (cert_list->ipl_info_header.len - sizeof(IplInfoBlockHeader)) /
+ sizeof(IplSignatureCertificateEntry);
+
+ cert_list->cert_entries[cert_entry_idx] = cert_entry;
+ cert_list->ipl_info_header.len += sizeof(IplSignatureCertificateEntry);
+
+ return cert_entry_idx;
+}
+
+static void comp_list_add(IplDeviceComponentList *comp_list,
+ IplDeviceComponentEntry comp_entry)
+{
+ int comp_entry_idx;
+
+ comp_entry_idx = (comp_list->ipl_info_header.len - sizeof(IplInfoBlockHeader)) /
+ sizeof(IplDeviceComponentEntry);
+ if (comp_entry_idx > MAX_COMP_ENTRIES - 1) {
+ printf("Warning: only %d component entries are supported\n",
+ MAX_COMP_ENTRIES);
+ panic("The device component list has reached its maximum capacity");
+ }
+
+ comp_list->device_entries[comp_entry_idx] = comp_entry;
+ comp_list->ipl_info_header.len += sizeof(IplDeviceComponentEntry);
+}
+
+void update_iirb(IplDeviceComponentList *comp_list,
+ IplSignatureCertificateList *cert_list)
+{
+ IplInfoReportBlock *iirb;
+ IplDeviceComponentList *iirb_comps;
+ IplSignatureCertificateList *iirb_certs;
+ uint32_t iirb_hdr_len;
+ uint32_t comps_len;
+ uint32_t certs_len;
+
+ if (iplb->len % 8 != 0) {
+ panic("IPL parameter block length field value is not multiple of 8 bytes");
+ }
+
+ iirb_hdr_len = sizeof(IplInfoReportBlockHeader);
+ comps_len = comp_list->ipl_info_header.len;
+ certs_len = cert_list->ipl_info_header.len;
+ if ((comps_len + certs_len + iirb_hdr_len) > sizeof(IplInfoReportBlock)) {
+ panic("Not enough space to hold all components and certificates in IIRB");
+ }
+
+ /* IIRB immediately follows IPLB */
+ iirb = &ipl_blocks.iirb;
+ iirb->hdr.len = iirb_hdr_len;
+
+ /* Copy IPL device component list after IIRB Header */
+ iirb_comps = (IplDeviceComponentList *) iirb->info_blks;
+ memcpy(iirb_comps, comp_list, comps_len);
+
+ /* Update IIRB length */
+ iirb->hdr.len += comps_len;
+
+ /* Copy IPL sig cert list after IPL device component list */
+ iirb_certs = (IplSignatureCertificateList *) (iirb->info_blks +
+ iirb_comps->ipl_info_header.len);
+ memcpy(iirb_certs, cert_list, certs_len);
+
+ /* Update IIRB length */
+ iirb->hdr.len += certs_len;
+}
+
+bool secure_ipl_supported(void)
+{
+ if (!sclp_is_fac_ipl_flag_on(SCCB_FAC_IPL_SIPL_BIT)) {
+ puts("Secure IPL Facility is not supported by the hypervisor!");
+ return false;
+ }
+
+ if (!is_signature_verif_supported()) {
+ puts("Secure IPL extensions are not supported by the hypervisor!");
+ return false;
+ }
+
+ if (!is_cert_store_facility_supported()) {
+ puts("Certificate Store Facility is not supported by the hypervisor!");
+ return false;
+ }
+
+ return true;
+}
+
+static void init_lists(IplDeviceComponentList *comp_list,
+ IplSignatureCertificateList *cert_list)
+{
+ comp_list->ipl_info_header.type = IPL_INFO_BLOCK_TYPE_COMPONENTS;
+ comp_list->ipl_info_header.len = sizeof(IplInfoBlockHeader);
+
+ cert_list->ipl_info_header.type = IPL_INFO_BLOCK_TYPE_CERTIFICATES;
+ cert_list->ipl_info_header.len = sizeof(IplInfoBlockHeader);
+}
+
+static int zipl_load_signature(ComponentEntry *entry, uint64_t sig)
+{
+ if (entry->compdat.sig_info.format != DER_SIGNATURE_FORMAT) {
+ puts("Signature is not in DER format");
+ return -1;
+ }
+
+ if (zipl_load_segment(entry->data.blockno, sig) < 0) {
+ return -1;
+ }
+
+ return entry->compdat.sig_info.sig_len;
+}
+
+void update_cert_list(IplSignatureCertificateList *cert_list)
+{
+ IplSignatureCertificateEntry *cert_entry;
+ uint8_t *cert_buf;
+
+ cert_buf = (uint8_t *)qipl.ipl_data;
+
+ for_each_rb_entry(cert_entry, cert_list) {
+ memcpy(cert_buf, (uint8_t *)cert_entry->addr, cert_entry->len);
+ cert_entry->addr = (uint64_t)cert_buf;
+ cert_buf += cert_entry->len;
+ }
+}
+
+int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
+ IplDeviceComponentList *comp_list,
+ IplSignatureCertificateList *cert_list,
+ uint8_t **tmp_cert_buf)
+{
+ /*
+ * Keep track of which certificate store indices correspond to the
+ * certificate data entries within the IplSignatureCertificateList to
+ * prevent allocating space for the same certificate multiple times.
+ *
+ * The array index corresponds to the certificate's cert-store index.
+ *
+ * The array value corresponds to the certificate's entry within the
+ * IplSignatureCertificateList (with a value of -1 denoting no entry
+ * exists for the certificate).
+ */
+ int cert_list_table[vcssb.total_vc_ct + 1];
+ IplSignatureCertificateEntry sig_entry = { 0 };
+ IplSignatureCertificateEntry cert_entry;
+ IplDeviceComponentEntry comp_entry;
+ ComponentEntry *entry = *entry_ptr;
+ int rc = -1;
+ int sig_len = 0;
+ int comp_len;
+ int cert_entry_idx;
+ uint64_t comp_addr;
+ uint8_t cert_table_idx;
+ uint8_t *tmp_buf;
+ bool verified;
+ bool signed_found = false;
+
+ if ((MAX_SIGNED_COMP * CERT_BUF_MAX_LEN) > (CERT_BUF_SIZE)) {
+ panic("Not enough memory to store certificates");
+ }
+ *tmp_cert_buf = malloc(CERT_BUF_SIZE);
+ tmp_buf = *tmp_cert_buf;
+
+ init_lists(comp_list, cert_list);
+ sig_entry.addr = (uint64_t)malloc(MAX_SECTOR_SIZE);
+ memset(cert_list_table, -1, sizeof(cert_list_table));
+
+ while (entry->component_type != ZIPL_COMP_ENTRY_EXEC) {
+ switch (entry->component_type) {
+ case ZIPL_COMP_ENTRY_SIGNATURE:
+ if (sig_entry.len) {
+ goto error;
+ }
+
+ sig_len = zipl_load_signature(entry, sig_entry.addr);
+ if (sig_len < 0) {
+ goto error;
+ }
+
+ sig_entry.len = sig_len;
+ break;
+ case ZIPL_COMP_ENTRY_LOAD:
+ comp_addr = entry->compdat.load_addr;
+ comp_len = zipl_load_segment(entry->data.blockno, comp_addr);
+ if (comp_len < 0) {
+ goto error;
+ }
+
+ comp_entry = (IplDeviceComponentEntry){ 0 };
+ comp_entry.addr = comp_addr;
+ comp_entry.len = (uint64_t)comp_len;
+
+ /* no signature present (unsigned component) */
+ if (!sig_entry.len) {
+ comp_list_add(comp_list, comp_entry);
+ break;
+ }
+
+ /*
+ * Initialize with SC flag (signed component)
+ * CSV flag set upon successful verification
+ */
+ comp_entry.flags = S390_IPL_DEV_COMP_FLAG_SC;
+ signed_found = true;
+
+ cert_entry = (IplSignatureCertificateEntry) { 0 };
+ verified = verify_signature(comp_entry, sig_entry,
+ &cert_entry.len, &cert_table_idx);
+
+ if (verified) {
+ if (cert_list_table[cert_table_idx] == -1) {
+ if (!request_certificate(tmp_buf, cert_table_idx)) {
+ puts("Could not get certificate");
+ goto error;
+ }
+
+ cert_entry.addr = (uint64_t)tmp_buf;
+ cert_entry_idx = cert_list_add(cert_list, cert_entry);
+ /* map cert-store index to cert-list entry index */
+ cert_list_table[cert_table_idx] = cert_entry_idx;
+ /* increment for the next certificate */
+ tmp_buf += cert_entry.len;
+ }
+
+ comp_entry.cert_index = cert_list_table[cert_table_idx];
+ comp_entry.flags |= S390_IPL_DEV_COMP_FLAG_CSV;
+ puts("Verified component");
+ } else {
+ zipl_secure_error("Could not verify component");
+ }
+
+ comp_list_add(comp_list, comp_entry);
+
+ /* After a signature is used another new one can be accepted */
+ sig_entry.len = 0;
+ break;
+ default:
+ puts("Unknown component entry type");
+ goto error;
+ }
+
+ entry++;
+
+ if ((uint8_t *)(&entry[1]) > tmp_sec + MAX_SECTOR_SIZE) {
+ puts("Wrong entry value");
+ rc = -EINVAL;
+ goto error;
+ }
+ }
+
+ if (!signed_found) {
+ zipl_secure_error("Secure boot is on, but components are not signed");
+ }
+
+ *entry_ptr = entry;
+ free((void *)sig_entry.addr);
+
+ return 0;
+error:
+ free(*tmp_cert_buf);
+ *tmp_cert_buf = NULL;
+ free((void *)sig_entry.addr);
+
+ return rc;
+}
diff --git a/pc-bios/s390-ccw/secure-ipl.h b/pc-bios/s390-ccw/secure-ipl.h
new file mode 100644
index 0000000000..d5d6d6f7ac
--- /dev/null
+++ b/pc-bios/s390-ccw/secure-ipl.h
@@ -0,0 +1,116 @@
+/*
+ * S/390 Secure IPL
+ *
+ * Copyright 2025 IBM Corp.
+ * Author(s): Zhuoying Cai <zycai@linux.ibm.com>
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef _PC_BIOS_S390_CCW_SECURE_IPL_H
+#define _PC_BIOS_S390_CCW_SECURE_IPL_H
+
+#include "bootmap.h"
+#include <diag320.h>
+#include <diag508.h>
+
+#define MAX_SIGNED_COMP 3
+#define CERT_BUF_SIZE (7 * PAGE_SIZE)
+
+int zipl_secure_get_vcssb(void);
+bool secure_ipl_supported(void);
+void update_iirb(IplDeviceComponentList *comp_list,
+ IplSignatureCertificateList *cert_list);
+void update_cert_list(IplSignatureCertificateList *cert_list);
+int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
+ IplDeviceComponentList *comp_list,
+ IplSignatureCertificateList *cert_list,
+ uint8_t **tmp_cert_buf);
+
+static inline void zipl_secure_error(const char *message)
+{
+ switch (boot_mode) {
+ case ZIPL_BOOT_MODE_SECURE_AUDIT:
+ printf("AUDIT MODE WARNING: %s\n", message);
+ break;
+ default:
+ break;
+ }
+}
+
+static inline uint64_t _diag320(void *data, unsigned long subcode)
+{
+ register unsigned long addr asm("0") = (unsigned long)data;
+ register unsigned long rc asm("1") = 0;
+
+ asm volatile ("diag %0,%2,0x320\n"
+ : "+d" (addr), "+d" (rc)
+ : "d" (subcode)
+ : "memory", "cc");
+ return rc;
+}
+
+static inline bool is_cert_store_facility_supported(void)
+{
+ uint32_t d320_ism;
+
+ if (!sclp_is_diag320_on()) {
+ return false;
+ }
+
+ if (_diag320(&d320_ism, DIAG_320_SUBC_QUERY_ISM) != DIAG_320_RC_OK) {
+ return false;
+ }
+
+ return d320_ism & (DIAG_320_ISM_QUERY_VCSI | DIAG_320_ISM_STORE_VC);
+}
+
+static inline uint64_t _diag508(void *data, unsigned long subcode)
+{
+ register unsigned long addr asm("0") = (unsigned long)data;
+ register unsigned long rc asm("1") = 0;
+
+ asm volatile ("diag %0,%2,0x508\n"
+ : "+d" (addr), "+d" (rc)
+ : "d" (subcode)
+ : "memory", "cc");
+ return rc;
+}
+
+static inline bool is_signature_verif_supported(void)
+{
+ uint64_t d508_subcodes;
+
+ d508_subcodes = _diag508(NULL, DIAG_508_SUBC_QUERY_SUBC);
+ return d508_subcodes & DIAG_508_SUBC_SIG_VERIF;
+}
+
+static inline bool verify_signature(IplDeviceComponentEntry comp_entry,
+ IplSignatureCertificateEntry sig_entry,
+ uint64_t *cert_len, uint8_t *cert_idx)
+{
+ Diag508SigVerifBlock svb;
+
+ svb.length = sizeof(Diag508SigVerifBlock);
+ svb.version = 0;
+ svb.comp_len = comp_entry.len;
+ svb.comp_addr = comp_entry.addr;
+ svb.sig_len = sig_entry.len;
+ svb.sig_addr = sig_entry.addr;
+
+ if (_diag508(&svb, DIAG_508_SUBC_SIG_VERIF) == DIAG_508_RC_OK) {
+ *cert_len = svb.cert_len;
+ /*
+ * DIAG 508 utilizes an index origin of 0 when indexing the cert store.
+ * The cert_idx will be used for DIAG 320 data structures, which expects
+ * an index origin of 1. Account for the offset here so it's easier to
+ * manage later.
+ */
+ *cert_idx = svb.cert_store_index + 1;
+ return true;
+ }
+
+ return false;
+}
+
+#endif /* _PC_BIOS_S390_CCW_SECURE_IPL_H */
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 23/35] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode
2026-07-01 20:49 ` [PATCH v12 23/35] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode Zhuoying Cai
@ 2026-07-02 4:08 ` Eric Farman
2026-07-02 14:13 ` Jared Rossi
1 sibling, 0 replies; 71+ messages in thread
From: Eric Farman @ 2026-07-02 4:08 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On Wed, 2026-07-01 at 16:49 -0400, Zhuoying Cai wrote:
> Enable secure IPL in audit mode, which performs signature verification,
> but any error does not terminate the boot process. Only warnings will be
> logged to the console instead.
>
> Secure IPL in audit mode requires at least one certificate provided in
> the key store along with necessary facilities (Secure IPL Facility,
> Certificate Store Facility and secure IPL extension support).
>
> Note: Secure IPL in audit mode is implemented for the SCSI scheme of
> virtio-blk/virtio-scsi devices.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> docs/system/s390x/secure-ipl.rst | 15 ++
> pc-bios/s390-ccw/Makefile | 2 +-
> pc-bios/s390-ccw/bootmap.c | 27 +++
> pc-bios/s390-ccw/bootmap.h | 9 +
> pc-bios/s390-ccw/jump2ipl.c | 7 +
> pc-bios/s390-ccw/main.c | 18 +-
> pc-bios/s390-ccw/s390-ccw.h | 20 ++
> pc-bios/s390-ccw/sclp.c | 27 +++
> pc-bios/s390-ccw/sclp.h | 6 +
> pc-bios/s390-ccw/secure-ipl.c | 362 +++++++++++++++++++++++++++++++
> pc-bios/s390-ccw/secure-ipl.h | 116 ++++++++++
> 11 files changed, 607 insertions(+), 2 deletions(-)
> create mode 100644 pc-bios/s390-ccw/secure-ipl.c
> create mode 100644 pc-bios/s390-ccw/secure-ipl.h
...snip...
>
> diff --git a/pc-bios/s390-ccw/secure-ipl.c b/pc-bios/s390-ccw/secure-ipl.c
> new file mode 100644
> index 0000000000..2d9a4cbc02
> --- /dev/null
> +++ b/pc-bios/s390-ccw/secure-ipl.c
...snip...
> +void update_cert_list(IplSignatureCertificateList *cert_list)
> +{
> + IplSignatureCertificateEntry *cert_entry;
> + uint8_t *cert_buf;
> +
> + cert_buf = (uint8_t *)qipl.ipl_data;
> +
> + for_each_rb_entry(cert_entry, cert_list) {
> + memcpy(cert_buf, (uint8_t *)cert_entry->addr, cert_entry->len);
> + cert_entry->addr = (uint64_t)cert_buf;
> + cert_buf += cert_entry->len;
> + }
> +}
Apologies if this is elsewhere in the patch (I'll revisit this tomorrow with coffee), but is there
any limit to the number of entries in this loop, or could we walk off the end of qipl.ipl_data with
a sufficiently large list?
^ permalink raw reply [flat|nested] 71+ messages in thread* Re: [PATCH v12 23/35] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode
2026-07-01 20:49 ` [PATCH v12 23/35] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode Zhuoying Cai
2026-07-02 4:08 ` Eric Farman
@ 2026-07-02 14:13 ` Jared Rossi
2026-07-02 15:26 ` Zhuoying Cai
1 sibling, 1 reply; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 14:13 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:49 PM, Zhuoying Cai wrote:
> Enable secure IPL in audit mode, which performs signature verification,
> but any error does not terminate the boot process. Only warnings will be
> logged to the console instead.
>
> Secure IPL in audit mode requires at least one certificate provided in
> the key store along with necessary facilities (Secure IPL Facility,
> Certificate Store Facility and secure IPL extension support).
>
> Note: Secure IPL in audit mode is implemented for the SCSI scheme of
> virtio-blk/virtio-scsi devices.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> docs/system/s390x/secure-ipl.rst | 15 ++
> pc-bios/s390-ccw/Makefile | 2 +-
> pc-bios/s390-ccw/bootmap.c | 27 +++
> pc-bios/s390-ccw/bootmap.h | 9 +
> pc-bios/s390-ccw/jump2ipl.c | 7 +
> pc-bios/s390-ccw/main.c | 18 +-
> pc-bios/s390-ccw/s390-ccw.h | 20 ++
> pc-bios/s390-ccw/sclp.c | 27 +++
> pc-bios/s390-ccw/sclp.h | 6 +
> pc-bios/s390-ccw/secure-ipl.c | 362 +++++++++++++++++++++++++++++++
> pc-bios/s390-ccw/secure-ipl.h | 116 ++++++++++
> 11 files changed, 607 insertions(+), 2 deletions(-)
> create mode 100644 pc-bios/s390-ccw/secure-ipl.c
> create mode 100644 pc-bios/s390-ccw/secure-ipl.h
>
[...]
> +
> +void update_cert_list(IplSignatureCertificateList *cert_list)
> +{
> + IplSignatureCertificateEntry *cert_entry;
> + uint8_t *cert_buf;
> +
> + cert_buf = (uint8_t *)qipl.ipl_data;
> +
> + for_each_rb_entry(cert_entry, cert_list) {
> + memcpy(cert_buf, (uint8_t *)cert_entry->addr, cert_entry->len);
> + cert_entry->addr = (uint64_t)cert_buf;
> + cert_buf += cert_entry->len;
> + }
> +}
This looks like the correct idea but I think it needs additional
validation. Firstly, as Eric mentioned, there is no check that the size
of our cert entries don't exceed the qipl.ipl_data space. I know there
are implicit factors such as maximum certificate size and such that
limit it in a way that it shouldn't be possible, but we should still check.
Secondly and more critically, you need to reset the qipl.ipl_data
address to it's initial value before reusing it. I don't think I saw
that done anywhere. The address is incremented after each IPLB is
loaded from the chain (see the load_next_iplb() function in iplb.h), so
if we in theory had started with 7 IPLBs in the chain and loaded all of
them, and if we then copied the maximum allowed size of certificate
entry data, we would exceed the qipl.ipl_data upper limit and probably
clobber the kernel.
I think the easiest way to restore the qipl.ipl_data address to its
initial value is to track how many IPLBs we've used, multiply that by
the size of the IPLB, and then move the address back by that amount.
Regards,
Jared Rossi
^ permalink raw reply [flat|nested] 71+ messages in thread* Re: [PATCH v12 23/35] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode
2026-07-02 14:13 ` Jared Rossi
@ 2026-07-02 15:26 ` Zhuoying Cai
2026-07-02 16:11 ` Jared Rossi
0 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-02 15:26 UTC (permalink / raw)
To: Jared Rossi, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
Thanks for the feedback!
On 7/2/26 10:13 AM, Jared Rossi wrote:
>
>
> On 7/1/26 4:49 PM, Zhuoying Cai wrote:
>> Enable secure IPL in audit mode, which performs signature verification,
>> but any error does not terminate the boot process. Only warnings will be
>> logged to the console instead.
>>
>> Secure IPL in audit mode requires at least one certificate provided in
>> the key store along with necessary facilities (Secure IPL Facility,
>> Certificate Store Facility and secure IPL extension support).
>>
>> Note: Secure IPL in audit mode is implemented for the SCSI scheme of
>> virtio-blk/virtio-scsi devices.
>>
>> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
>> ---
>> docs/system/s390x/secure-ipl.rst | 15 ++
>> pc-bios/s390-ccw/Makefile | 2 +-
>> pc-bios/s390-ccw/bootmap.c | 27 +++
>> pc-bios/s390-ccw/bootmap.h | 9 +
>> pc-bios/s390-ccw/jump2ipl.c | 7 +
>> pc-bios/s390-ccw/main.c | 18 +-
>> pc-bios/s390-ccw/s390-ccw.h | 20 ++
>> pc-bios/s390-ccw/sclp.c | 27 +++
>> pc-bios/s390-ccw/sclp.h | 6 +
>> pc-bios/s390-ccw/secure-ipl.c | 362 +++++++++++++++++++++++++++++++
>> pc-bios/s390-ccw/secure-ipl.h | 116 ++++++++++
>> 11 files changed, 607 insertions(+), 2 deletions(-)
>> create mode 100644 pc-bios/s390-ccw/secure-ipl.c
>> create mode 100644 pc-bios/s390-ccw/secure-ipl.h
>>
> [...]
>> +
>> +void update_cert_list(IplSignatureCertificateList *cert_list)
>> +{
>> + IplSignatureCertificateEntry *cert_entry;
>> + uint8_t *cert_buf;
>> +
>> + cert_buf = (uint8_t *)qipl.ipl_data;
>> +
>> + for_each_rb_entry(cert_entry, cert_list) {
>> + memcpy(cert_buf, (uint8_t *)cert_entry->addr, cert_entry->len);
>> + cert_entry->addr = (uint64_t)cert_buf;
>> + cert_buf += cert_entry->len;
>> + }
>> +}
>
> This looks like the correct idea but I think it needs additional
> validation. Firstly, as Eric mentioned, there is no check that the size
> of our cert entries don't exceed the qipl.ipl_data space. I know there
> are implicit factors such as maximum certificate size and such that
> limit it in a way that it shouldn't be possible, but we should still check.
>
At the beginning of zipl_run_secure(), I added a check to ensure that
there is enough space to store the certificates required for the current
IPL. We store the certificates directly in the qipl.ipl_data area rather
than storing cert entries (IplSignatureCertificateEntry) in qipl.ipl_data.
As discussed previously and documented here
(<https://www.ibm.com/docs/en/linux-on-systems?topic=keys-required-signatures>),
an IPL requires at most two, and possibly three, signed components,
meaning that at most three certificates are needed. Based on that, I
check that MAX_SIGNED_COMP * CERT_BUF_MAX_LEN does not exceed
CERT_BUF_SIZE, ensuring there is sufficient space for the certificates
used by the current IPL. Please let me know if you think any additional
validation is needed.
> Secondly and more critically, you need to reset the qipl.ipl_data
> address to it's initial value before reusing it. I don't think I saw
> that done anywhere. The address is incremented after each IPLB is
> loaded from the chain (see the load_next_iplb() function in iplb.h), so
> if we in theory had started with 7 IPLBs in the chain and loaded all of
> them, and if we then copied the maximum allowed size of certificate
> entry data, we would exceed the qipl.ipl_data upper limit and probably
> clobber the kernel.
>
> I think the easiest way to restore the qipl.ipl_data address to its
> initial value is to track how many IPLBs we've used, multiply that by
> the size of the IPLB, and then move the address back by that amount.
>
Thanks for pointing this out. I missed resetting the qipl.ipl_data
address before reusing it. I'll restore it to its initial value before
copying the certificate data. Thanks!
> Regards,
> Jared Rossi
^ permalink raw reply [flat|nested] 71+ messages in thread* Re: [PATCH v12 23/35] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode
2026-07-02 15:26 ` Zhuoying Cai
@ 2026-07-02 16:11 ` Jared Rossi
0 siblings, 0 replies; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 16:11 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/2/26 11:26 AM, Zhuoying Cai wrote:
> Thanks for the feedback!
>
> On 7/2/26 10:13 AM, Jared Rossi wrote:
>>
>> On 7/1/26 4:49 PM, Zhuoying Cai wrote:
>>> Enable secure IPL in audit mode, which performs signature verification,
>>> but any error does not terminate the boot process. Only warnings will be
>>> logged to the console instead.
>>>
>>> Secure IPL in audit mode requires at least one certificate provided in
>>> the key store along with necessary facilities (Secure IPL Facility,
>>> Certificate Store Facility and secure IPL extension support).
>>>
>>> Note: Secure IPL in audit mode is implemented for the SCSI scheme of
>>> virtio-blk/virtio-scsi devices.
>>>
>>> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
>>> ---
>>> docs/system/s390x/secure-ipl.rst | 15 ++
>>> pc-bios/s390-ccw/Makefile | 2 +-
>>> pc-bios/s390-ccw/bootmap.c | 27 +++
>>> pc-bios/s390-ccw/bootmap.h | 9 +
>>> pc-bios/s390-ccw/jump2ipl.c | 7 +
>>> pc-bios/s390-ccw/main.c | 18 +-
>>> pc-bios/s390-ccw/s390-ccw.h | 20 ++
>>> pc-bios/s390-ccw/sclp.c | 27 +++
>>> pc-bios/s390-ccw/sclp.h | 6 +
>>> pc-bios/s390-ccw/secure-ipl.c | 362 +++++++++++++++++++++++++++++++
>>> pc-bios/s390-ccw/secure-ipl.h | 116 ++++++++++
>>> 11 files changed, 607 insertions(+), 2 deletions(-)
>>> create mode 100644 pc-bios/s390-ccw/secure-ipl.c
>>> create mode 100644 pc-bios/s390-ccw/secure-ipl.h
>>>
>> [...]
>>> +
>>> +void update_cert_list(IplSignatureCertificateList *cert_list)
>>> +{
>>> + IplSignatureCertificateEntry *cert_entry;
>>> + uint8_t *cert_buf;
>>> +
>>> + cert_buf = (uint8_t *)qipl.ipl_data;
>>> +
>>> + for_each_rb_entry(cert_entry, cert_list) {
>>> + memcpy(cert_buf, (uint8_t *)cert_entry->addr, cert_entry->len);
>>> + cert_entry->addr = (uint64_t)cert_buf;
>>> + cert_buf += cert_entry->len;
>>> + }
>>> +}
>> This looks like the correct idea but I think it needs additional
>> validation. Firstly, as Eric mentioned, there is no check that the size
>> of our cert entries don't exceed the qipl.ipl_data space. I know there
>> are implicit factors such as maximum certificate size and such that
>> limit it in a way that it shouldn't be possible, but we should still check.
>>
> At the beginning of zipl_run_secure(), I added a check to ensure that
> there is enough space to store the certificates required for the current
> IPL. We store the certificates directly in the qipl.ipl_data area rather
> than storing cert entries (IplSignatureCertificateEntry) in qipl.ipl_data.
>
> As discussed previously and documented here
> (<https://www.ibm.com/docs/en/linux-on-systems?topic=keys-required-signatures>),
> an IPL requires at most two, and possibly three, signed components,
> meaning that at most three certificates are needed. Based on that, I
> check that MAX_SIGNED_COMP * CERT_BUF_MAX_LEN does not exceed
> CERT_BUF_SIZE, ensuring there is sufficient space for the certificates
> used by the current IPL. Please let me know if you think any additional
> validation is needed.
That check is good. I think it could be a compile time check though
since everything is constant.
I guess the reason this feels fragile is because the size of the
iplb_chain array determines the size of the ipl_data area, and the chain
array size itself is determined by a magic number 7 in hw/ipl.c. We
need to change that line anyway to initialize the chain to zero as Eric
pointed out, so lets also use MAX_BOOT_DEVS - 1 instead of just magic
7. This way we can also add another compile time check:
(sizeof(IplParameterBlock) * (MAX_BOOT_DEVS - 1)) == CERT_BUF_SIZE
which will ensure that any potential changes to the either the cert
buffer size and/or number of allowed boot devices will be kept in sync
for the shared buffer area.
>
>> Secondly and more critically, you need to reset the qipl.ipl_data
>> address to it's initial value before reusing it. I don't think I saw
>> that done anywhere. The address is incremented after each IPLB is
>> loaded from the chain (see the load_next_iplb() function in iplb.h), so
>> if we in theory had started with 7 IPLBs in the chain and loaded all of
>> them, and if we then copied the maximum allowed size of certificate
>> entry data, we would exceed the qipl.ipl_data upper limit and probably
>> clobber the kernel.
>>
>> I think the easiest way to restore the qipl.ipl_data address to its
>> initial value is to track how many IPLBs we've used, multiply that by
>> the size of the IPLB, and then move the address back by that amount.
>>
> Thanks for pointing this out. I missed resetting the qipl.ipl_data
> address before reusing it. I'll restore it to its initial value before
> copying the certificate data. Thanks!
>
>> Regards,
>> Jared Rossi
Thanks,
Jared Rossi
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 24/35] pc-bios/s390-ccw: Add signed component address overlap checks
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (22 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 23/35] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 2:49 ` Jared Rossi
2026-07-01 20:49 ` [PATCH v12 25/35] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF) Zhuoying Cai
` (10 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Add address range tracking and overlap checks to ensure that no
component overlaps with a signed component during secure IPL.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
pc-bios/s390-ccw/secure-ipl.c | 19 +++++++++++++++++++
pc-bios/s390-ccw/secure-ipl.h | 6 ++++++
2 files changed, 25 insertions(+)
diff --git a/pc-bios/s390-ccw/secure-ipl.c b/pc-bios/s390-ccw/secure-ipl.c
index 2d9a4cbc02..af98881aa5 100644
--- a/pc-bios/s390-ccw/secure-ipl.c
+++ b/pc-bios/s390-ccw/secure-ipl.c
@@ -193,6 +193,23 @@ static void init_lists(IplDeviceComponentList *comp_list,
cert_list->ipl_info_header.len = sizeof(IplInfoBlockHeader);
}
+static void check_comp_overlap(IplDeviceComponentList *comp_list,
+ IplDeviceComponentEntry comp_entry)
+{
+ IplDeviceComponentEntry *comp;
+
+ /*
+ * Check component's address range does not overlap with any
+ * signed component's address range.
+ */
+ for_each_rb_entry(comp, comp_list) {
+ if (comp->flags & S390_IPL_DEV_COMP_FLAG_SC &&
+ intersects(comp->addr, comp->len, comp_entry.addr, comp_entry.len)) {
+ zipl_secure_error("Component addresses overlap");
+ }
+ }
+}
+
static int zipl_load_signature(ComponentEntry *entry, uint64_t sig)
{
if (entry->compdat.sig_info.format != DER_SIGNATURE_FORMAT) {
@@ -287,6 +304,8 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
comp_entry.addr = comp_addr;
comp_entry.len = (uint64_t)comp_len;
+ check_comp_overlap(comp_list, comp_entry);
+
/* no signature present (unsigned component) */
if (!sig_entry.len) {
comp_list_add(comp_list, comp_entry);
diff --git a/pc-bios/s390-ccw/secure-ipl.h b/pc-bios/s390-ccw/secure-ipl.h
index d5d6d6f7ac..1b1287858b 100644
--- a/pc-bios/s390-ccw/secure-ipl.h
+++ b/pc-bios/s390-ccw/secure-ipl.h
@@ -113,4 +113,10 @@ static inline bool verify_signature(IplDeviceComponentEntry comp_entry,
return false;
}
+static inline bool intersects(uint64_t addr0, uint64_t size0,
+ uint64_t addr1, uint64_t size1)
+{
+ return addr0 + size0 > addr1 && addr1 + size1 > addr0;
+}
+
#endif /* _PC_BIOS_S390_CCW_SECURE_IPL_H */
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 24/35] pc-bios/s390-ccw: Add signed component address overlap checks
2026-07-01 20:49 ` [PATCH v12 24/35] pc-bios/s390-ccw: Add signed component address overlap checks Zhuoying Cai
@ 2026-07-02 2:49 ` Jared Rossi
0 siblings, 0 replies; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 2:49 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:49 PM, Zhuoying Cai wrote:
> Add address range tracking and overlap checks to ensure that no
> component overlaps with a signed component during secure IPL.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> pc-bios/s390-ccw/secure-ipl.c | 19 +++++++++++++++++++
> pc-bios/s390-ccw/secure-ipl.h | 6 ++++++
> 2 files changed, 25 insertions(+)
>
> diff --git a/pc-bios/s390-ccw/secure-ipl.c b/pc-bios/s390-ccw/secure-ipl.c
> index 2d9a4cbc02..af98881aa5 100644
> --- a/pc-bios/s390-ccw/secure-ipl.c
> +++ b/pc-bios/s390-ccw/secure-ipl.c
> @@ -193,6 +193,23 @@ static void init_lists(IplDeviceComponentList *comp_list,
> cert_list->ipl_info_header.len = sizeof(IplInfoBlockHeader);
> }
>
> +static void check_comp_overlap(IplDeviceComponentList *comp_list,
> + IplDeviceComponentEntry comp_entry)
> +{
> + IplDeviceComponentEntry *comp;
> +
> + /*
> + * Check component's address range does not overlap with any
> + * signed component's address range.
> + */
> + for_each_rb_entry(comp, comp_list) {
> + if (comp->flags & S390_IPL_DEV_COMP_FLAG_SC &&
> + intersects(comp->addr, comp->len, comp_entry.addr, comp_entry.len)) {
> + zipl_secure_error("Component addresses overlap");
> + }
> + }
> +}
> +
> static int zipl_load_signature(ComponentEntry *entry, uint64_t sig)
> {
> if (entry->compdat.sig_info.format != DER_SIGNATURE_FORMAT) {
> @@ -287,6 +304,8 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
> comp_entry.addr = comp_addr;
> comp_entry.len = (uint64_t)comp_len;
>
> + check_comp_overlap(comp_list, comp_entry);
> +
> /* no signature present (unsigned component) */
> if (!sig_entry.len) {
> comp_list_add(comp_list, comp_entry);
> diff --git a/pc-bios/s390-ccw/secure-ipl.h b/pc-bios/s390-ccw/secure-ipl.h
> index d5d6d6f7ac..1b1287858b 100644
> --- a/pc-bios/s390-ccw/secure-ipl.h
> +++ b/pc-bios/s390-ccw/secure-ipl.h
> @@ -113,4 +113,10 @@ static inline bool verify_signature(IplDeviceComponentEntry comp_entry,
> return false;
> }
>
> +static inline bool intersects(uint64_t addr0, uint64_t size0,
> + uint64_t addr1, uint64_t size1)
> +{
> + return addr0 + size0 > addr1 && addr1 + size1 > addr0;
> +}
> +
> #endif /* _PC_BIOS_S390_CCW_SECURE_IPL_H */
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 25/35] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF)
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (23 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 24/35] pc-bios/s390-ccw: Add signed component address overlap checks Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-01 20:49 ` [PATCH v12 26/35] pc-bios/s390-ccw: Add additional security checks for secure boot Zhuoying Cai
` (9 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
The secure-IPL-code-loading-attributes facility (SCLAF)
provides additional security during secure IPL.
Availability of SCLAF is determined by byte 136 bit 3 of the
SCLP Read Info block.
This feature is available starting with the gen16 CPU model.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
---
docs/specs/s390x-secure-ipl.rst | 18 ++++++++++++++++++
target/s390x/cpu_features.c | 2 ++
target/s390x/cpu_features_def.h.inc | 1 +
target/s390x/cpu_models.c | 3 +++
target/s390x/gen-features.c | 2 ++
target/s390x/kvm/kvm.c | 1 +
6 files changed, 27 insertions(+)
diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
index a183d46b61..0f92ff96b9 100644
--- a/docs/specs/s390x-secure-ipl.rst
+++ b/docs/specs/s390x-secure-ipl.rst
@@ -122,3 +122,21 @@ The guest kernel uses the contents in the IIRB for:
* Boot logging: reports which components were loaded and verified.
* kexec operations: builds the next kernel’s IPL report from the existing one.
* Keying: installs IPL certificates into the platform trusted keyring.
+
+Secure Code Loading Attributes Facility
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The Secure Code Loading Attributes Facility (SCLAF) enhances system security
+during the IPL by enforcing additional verification rules.
+
+When SCLAF is available, its behavior depends on the IPL mode. It introduces
+verification of both signed and unsigned components to help ensure that only
+authorized code is loaded during the IPL process. Any errors detected by SCLAF
+are reported in the IIRB.
+
+Unsigned components are restricted to load addresses at or above absolute
+storage address ``0x2000``.
+
+Signed components must include a Secure Code Loading Attribute Block (SCLAB),
+which is appended at the very end of the component. The SCLAB defines security
+attributes for handling the signed code.
diff --git a/target/s390x/cpu_features.c b/target/s390x/cpu_features.c
index 200bd8c15b..29ea3bfec2 100644
--- a/target/s390x/cpu_features.c
+++ b/target/s390x/cpu_features.c
@@ -120,6 +120,7 @@ void s390_fill_feat_block(const S390FeatBitmap features, S390FeatType type,
* - All SIE facilities because SIE is not available
* - DIAG318
* - Secure IPL Facility
+ * - Secure IPL Code Loading Attributes Facility
*
* As VMs can move in and out of protected mode the CPU model
* doesn't protect us from that problem because it is only
@@ -152,6 +153,7 @@ void s390_fill_feat_block(const S390FeatBitmap features, S390FeatType type,
break;
case S390_FEAT_TYPE_SCLP_FAC_IPL:
clear_be_bit(s390_feat_def(S390_FEAT_SIPL)->bit, data);
+ clear_be_bit(s390_feat_def(S390_FEAT_SCLAF)->bit, data);
break;
default:
return;
diff --git a/target/s390x/cpu_features_def.h.inc b/target/s390x/cpu_features_def.h.inc
index bcf8a666e4..f6ba9e87e1 100644
--- a/target/s390x/cpu_features_def.h.inc
+++ b/target/s390x/cpu_features_def.h.inc
@@ -142,6 +142,7 @@ DEF_FEAT(CERT_STORE, "cstore", SCLP_FAC134, 5, "Certificate Store functions")
/* Features exposed via SCLP SCCB Facilities byte 136 - 137 (bit numbers relative to byte-136) */
DEF_FEAT(SIPL, "sipl", SCLP_FAC_IPL, 1, "Secure-IPL facility")
+DEF_FEAT(SCLAF, "sclaf", SCLP_FAC_IPL, 3, "Secure-IPL-code-loading-attributes facility")
/* Features exposed via SCLP CPU info. */
DEF_FEAT(SIE_F2, "sief2", SCLP_CPU, 4, "SIE: interception format 2 (Virtual SIE)")
diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index a52e34aa95..7de727a256 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -264,6 +264,7 @@ bool s390_has_feat(S390Feat feat)
case S390_FEAT_SIE_PFMFI:
case S390_FEAT_SIE_IBS:
case S390_FEAT_SIPL:
+ case S390_FEAT_SCLAF:
case S390_FEAT_CONFIGURATION_TOPOLOGY:
return false;
break;
@@ -509,6 +510,8 @@ static void check_consistency(const S390CPUModel *model)
{ S390_FEAT_DIAG_318, S390_FEAT_EXTENDED_LENGTH_SCCB },
{ S390_FEAT_CERT_STORE, S390_FEAT_EXTENDED_LENGTH_SCCB },
{ S390_FEAT_SIPL, S390_FEAT_EXTENDED_LENGTH_SCCB },
+ { S390_FEAT_SCLAF, S390_FEAT_EXTENDED_LENGTH_SCCB },
+ { S390_FEAT_SCLAF, S390_FEAT_SIPL },
{ S390_FEAT_NNPA, S390_FEAT_VECTOR },
{ S390_FEAT_RDP, S390_FEAT_LOCAL_TLB_CLEARING },
{ S390_FEAT_UV_FEAT_AP, S390_FEAT_AP },
diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
index bd2060ab93..c3e0c6ceff 100644
--- a/target/s390x/gen-features.c
+++ b/target/s390x/gen-features.c
@@ -722,6 +722,7 @@ static uint16_t full_GEN16_GA1[] = {
S390_FEAT_UV_FEAT_AP_INTR,
S390_FEAT_CERT_STORE,
S390_FEAT_SIPL,
+ S390_FEAT_SCLAF,
};
static uint16_t full_GEN17_GA1[] = {
@@ -924,6 +925,7 @@ static uint16_t qemu_MAX[] = {
S390_FEAT_EXTENDED_LENGTH_SCCB,
S390_FEAT_CERT_STORE,
S390_FEAT_SIPL,
+ S390_FEAT_SCLAF,
};
/****** END FEATURE DEFS ******/
diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
index 61ac6c84a0..52bbd560bd 100644
--- a/target/s390x/kvm/kvm.c
+++ b/target/s390x/kvm/kvm.c
@@ -2503,6 +2503,7 @@ bool kvm_s390_get_host_cpu_model(S390CPUModel *model, Error **errp)
/* Some Secure IPL facilities are emulated by QEMU */
set_bit(S390_FEAT_SIPL, model->features);
+ set_bit(S390_FEAT_SCLAF, model->features);
/* Test for Ultravisor features that influence secure guest behavior */
query_uv_feat_guest(model->features);
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 26/35] pc-bios/s390-ccw: Add additional security checks for secure boot
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (24 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 25/35] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF) Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 16:08 ` Eric Farman
2026-07-01 20:49 ` [PATCH v12 27/35] Add secure-boot to s390-ccw-virtio machine type option Zhuoying Cai
` (8 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Add additional checks to ensure that components do not overlap with
signed components when loaded into memory.
Add additional checks to ensure the load addresses of unsigned components
are greater than or equal to 0x2000.
When the secure IPL code loading attributes facility (SCLAF) is installed,
all signed components must contain a secure code loading attributes block
(SCLAB).
The SCLAB provides further validation of information on where to load the
signed binary code from the load device, and where to start the execution
of the loaded OS code.
When SCLAF is installed, its content must be evaluated during secure IPL.
Add IPL Information Error Indicators (IIEI) and Component Error
Indicators (CEI) for IPL Information Report Block (IIRB).
When SCLAF is installed, additional secure boot checks are performed
during zipl and store results of verification into IIRB.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
include/hw/s390x/ipl/qipl.h | 29 +++++-
pc-bios/s390-ccw/sclp.h | 1 +
pc-bios/s390-ccw/secure-ipl.c | 170 +++++++++++++++++++++++++++++++++-
pc-bios/s390-ccw/secure-ipl.h | 51 ++++++++++
4 files changed, 246 insertions(+), 5 deletions(-)
diff --git a/include/hw/s390x/ipl/qipl.h b/include/hw/s390x/ipl/qipl.h
index 2b29dfa8c5..f05c4a7206 100644
--- a/include/hw/s390x/ipl/qipl.h
+++ b/include/hw/s390x/ipl/qipl.h
@@ -167,10 +167,20 @@ struct IplInfoReportBlockHeader {
};
typedef struct IplInfoReportBlockHeader IplInfoReportBlockHeader;
+/* IPL Info Error Indicators */
+#define S390_IIEI_NO_SIGNED_COMP 0x8000 /* bit 0 */
+#define S390_IIEI_NO_SCLAB 0x4000 /* bit 1 */
+#define S390_IIEI_NO_GLOBAL_SCLAB 0x2000 /* bit 2 */
+#define S390_IIEI_MORE_GLOBAL_SCLAB 0x1000 /* bit 3 */
+#define S390_IIEI_FOUND_UNSIGNED_COMP 0x800 /* bit 4 */
+#define S390_IIEI_MORE_SIGNED_COMP 0x400 /* bit 5 */
+
struct IplInfoBlockHeader {
uint32_t len;
uint8_t type;
- uint8_t reserved1[11];
+ uint8_t reserved1[3];
+ uint16_t iiei;
+ uint8_t reserved2[6];
};
typedef struct IplInfoBlockHeader IplInfoBlockHeader;
@@ -194,13 +204,28 @@ typedef struct IplSignatureCertificateList IplSignatureCertificateList;
#define S390_IPL_DEV_COMP_FLAG_SC 0x80
#define S390_IPL_DEV_COMP_FLAG_CSV 0x40
+/* IPL Device Component Error Indicators */
+#define S390_CEI_INVALID_SCLAB 0x80000000 /* bit 0 */
+#define S390_CEI_INVALID_SCLAB_LEN 0x40000000 /* bit 1 */
+#define S390_CEI_INVALID_SCLAB_FORMAT 0x20000000 /* bit 2 */
+#define S390_CEI_UNMATCHED_SCLAB_LOAD_ADDR 0x10000000 /* bit 3 */
+#define S390_CEI_UNMATCHED_SCLAB_LOAD_PSW 0x8000000 /* bit 4 */
+#define S390_CEI_INVALID_LOAD_PSW 0x4000000 /* bit 5 */
+#define S390_CEI_NUC_NOT_IN_GLOBAL_SCLAB 0x2000000 /* bit 6 */
+#define S390_CEI_SCLAB_OLA_NOT_ONE 0x1000000 /* bit 7 */
+#define S390_CEI_SC_NOT_IN_GLOBAL_SCLAB 0x800000 /* bit 8 */
+#define S390_CEI_SCLAB_LOAD_ADDR_NOT_ZERO 0x400000 /* bit 9 */
+#define S390_CEI_SCLAB_LOAD_PSW_NOT_ZERO 0x200000 /* bit 10 */
+#define S390_CEI_INVALID_UNSIGNED_ADDR 0x100000 /* bit 11 */
+
struct IplDeviceComponentEntry {
uint64_t addr;
uint64_t len;
uint8_t flags;
uint8_t reserved1[5];
uint16_t cert_index;
- uint8_t reserved2[8];
+ uint32_t cei;
+ uint8_t reserved2[4];
};
typedef struct IplDeviceComponentEntry IplDeviceComponentEntry;
diff --git a/pc-bios/s390-ccw/sclp.h b/pc-bios/s390-ccw/sclp.h
index a8a41cd004..cae65b29b5 100644
--- a/pc-bios/s390-ccw/sclp.h
+++ b/pc-bios/s390-ccw/sclp.h
@@ -52,6 +52,7 @@ typedef struct SCCBHeader {
#define SCCB_DATA_LEN (SCCB_SIZE - sizeof(SCCBHeader))
#define SCCB_FAC134_DIAG320_BIT 0x4
#define SCCB_FAC_IPL_SIPL_BIT 0x4000
+#define SCCB_FAC_IPL_SCLAF_BIT 0x1000
typedef struct ReadInfo {
SCCBHeader h;
diff --git a/pc-bios/s390-ccw/secure-ipl.c b/pc-bios/s390-ccw/secure-ipl.c
index af98881aa5..c92d8e2aff 100644
--- a/pc-bios/s390-ccw/secure-ipl.c
+++ b/pc-bios/s390-ccw/secure-ipl.c
@@ -180,6 +180,12 @@ bool secure_ipl_supported(void)
return false;
}
+ if (!sclp_is_fac_ipl_flag_on(SCCB_FAC_IPL_SCLAF_BIT)) {
+ puts("Secure IPL Code Loading Attributes Facility is not supported by"
+ " the hypervisor!");
+ return false;
+ }
+
return true;
}
@@ -210,6 +216,147 @@ static void check_comp_overlap(IplDeviceComponentList *comp_list,
}
}
+static bool is_psw_valid(uint64_t psw, IplDeviceComponentEntry *comp)
+{
+ uint32_t addr = psw & 0x7fffffff;
+
+ /*
+ * PSW points within a signed binary code component
+ *
+ * Check addr falls within [comp->addr, comp->addr + comp->len - 2],
+ * ensuring at least 2 bytes (minimum instruction length) remain.
+ */
+ return intersects(addr, 1, comp->addr, comp->len - 1);
+}
+
+void check_global_sclab(const SclaBlock *global_sclab,
+ IplDeviceComponentEntry *comp_entry,
+ IplDeviceComponentList *comp_list)
+{
+ bool psw_valid = false;
+ bool global_psw_valid = false;
+ int signed_count = 0;
+ int unsigned_count = 0;
+ IplDeviceComponentEntry *comp;
+
+ if (!global_sclab) {
+ comp_list->ipl_info_header.iiei |= S390_IIEI_NO_GLOBAL_SCLAB;
+ zipl_secure_error("Global SCLAB does not exist");
+ return;
+ }
+
+ for_each_rb_entry(comp, comp_list) {
+ if (comp->flags & S390_IPL_DEV_COMP_FLAG_SC) {
+ psw_valid |= is_psw_valid(comp_entry->addr, comp);
+ global_psw_valid |= is_psw_valid(global_sclab->load_psw, comp);
+ signed_count += 1;
+ } else {
+ unsigned_count += 1;
+ }
+ }
+
+ /* validate load PSW with PSW specified in the final entry */
+ zipl_secure_validate(psw_valid && global_psw_valid, &comp_entry->cei,
+ S390_CEI_INVALID_LOAD_PSW, "Invalid PSW");
+
+ /* compare load PSW with the PSW specified in component */
+ zipl_secure_validate(global_sclab->load_psw == comp_entry->addr,
+ &comp_entry->cei, S390_CEI_UNMATCHED_SCLAB_LOAD_PSW,
+ "Load PSW does not match with PSW in component");
+
+ /* Unsigned components are not allowed if NUC flag is set in the global SCLAB */
+ if ((global_sclab->flags & S390_SCLAB_NUC) && unsigned_count > 0) {
+ comp_list->ipl_info_header.iiei |= S390_IIEI_FOUND_UNSIGNED_COMP;
+ zipl_secure_error("Unsigned components are not allowed");
+ }
+
+ /*
+ * Only one signed component is allowed if SC flag is set in the global SCLAB
+ * More than one component in the component table is not allowed
+ */
+ if ((global_sclab->flags & S390_SCLAB_SC) &&
+ (signed_count != 1 || unsigned_count != 0)) {
+ comp_list->ipl_info_header.iiei |= S390_IIEI_MORE_SIGNED_COMP;
+ zipl_secure_error("Only one signed component is allowed");
+ }
+}
+
+static void check_sclab(SclaBlock **global_sclab,
+ IplDeviceComponentEntry *comp_entry,
+ IplInfoBlockHeader *comp_list_hdr)
+{
+ SclabOriginLocator *sclab_locator;
+ SclaBlock *sclab;
+
+ /* sclab locator is located at the last 8 bytes of the signed comp */
+ sclab_locator = (SclabOriginLocator *)(comp_entry->addr +
+ comp_entry->len - 8);
+
+ /* return early if sclab does not exist */
+ zipl_secure_validate(magic_match(sclab_locator->magic, ZIPL_MAGIC),
+ &comp_entry->cei, S390_CEI_INVALID_SCLAB,
+ "Magic does not match. SCLAB does not exist");
+
+ if (comp_entry->cei & S390_CEI_INVALID_SCLAB) {
+ return;
+ }
+
+ zipl_secure_validate(sclab_locator->len >= S390_SCLAB_MIN_LEN, &comp_entry->cei,
+ S390_CEI_INVALID_SCLAB_LEN | S390_CEI_INVALID_SCLAB,
+ "Invalid SCLAB length");
+
+ /* return early if sclab is invalid */
+ if (comp_entry->cei & S390_CEI_INVALID_SCLAB) {
+ return;
+ }
+
+ sclab = (SclaBlock *)(comp_entry->addr + comp_entry->len -
+ sclab_locator->len);
+
+ zipl_secure_validate(sclab->format == 0, &comp_entry->cei,
+ S390_CEI_INVALID_SCLAB_FORMAT,
+ "Format-0 SCLAB is not being used");
+
+ if (!(sclab->flags & S390_SCLAB_OPSW)) {
+ /* OPSW = 0 - Load PSW field in SCLAB must contain zeros */
+ zipl_secure_validate(sclab->load_psw == 0, &comp_entry->cei,
+ S390_CEI_SCLAB_LOAD_PSW_NOT_ZERO,
+ "Load PSW is not zero when Override PSW bit is zero");
+ } else {
+ /* OPSW = 1 indicating global SCLAB */
+ if (*global_sclab) {
+ comp_list_hdr->iiei |= S390_IIEI_MORE_GLOBAL_SCLAB;
+ zipl_secure_error("More than one global SCLAB");
+ }
+ *global_sclab = sclab;
+
+ /* override load address flag must set to one */
+ zipl_secure_validate(sclab->flags & S390_SCLAB_OLA, &comp_entry->cei,
+ S390_CEI_SCLAB_OLA_NOT_ONE,
+ "OLA flag is not set to one in the global SCLAB");
+ }
+
+ if (!(sclab->flags & S390_SCLAB_OLA)) {
+ /* OLA = 0 - Load address field in SCLAB must contain zeros */
+ zipl_secure_validate(sclab->load_addr == 0, &comp_entry->cei,
+ S390_CEI_SCLAB_LOAD_ADDR_NOT_ZERO,
+ "Load Address is not zero when OLA flag is zero");
+ } else {
+ /* OLA = 1 - Load address field must match storage address of the component */
+ zipl_secure_validate(sclab->load_addr == comp_entry->addr, &comp_entry->cei,
+ S390_CEI_UNMATCHED_SCLAB_LOAD_ADDR,
+ "Load Address does not match with component load address");
+ }
+
+ zipl_secure_validate(~sclab->flags & S390_SCLAB_NUC || sclab->flags & S390_SCLAB_OPSW,
+ &comp_entry->cei, S390_CEI_NUC_NOT_IN_GLOBAL_SCLAB,
+ "NUC bit is set, but not in the global SCLAB");
+
+ zipl_secure_validate(~sclab->flags & S390_SCLAB_SC || sclab->flags & S390_SCLAB_OPSW,
+ &comp_entry->cei, S390_CEI_SC_NOT_IN_GLOBAL_SCLAB,
+ "SC bit is set, but not in the global SCLAB");
+}
+
static int zipl_load_signature(ComponentEntry *entry, uint64_t sig)
{
if (entry->compdat.sig_info.format != DER_SIGNATURE_FORMAT) {
@@ -268,6 +415,8 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
uint8_t *tmp_buf;
bool verified;
bool signed_found = false;
+ bool sclab_found = false;
+ SclaBlock *global_sclab = NULL;
if ((MAX_SIGNED_COMP * CERT_BUF_MAX_LEN) > (CERT_BUF_SIZE)) {
panic("Not enough memory to store certificates");
@@ -308,6 +457,10 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
/* no signature present (unsigned component) */
if (!sig_entry.len) {
+ zipl_secure_validate(comp_entry.addr >= S390_UNSIGNED_MIN_ADDR,
+ &comp_entry.cei, S390_CEI_INVALID_UNSIGNED_ADDR,
+ "Load address for unsigned component is less than 0x2000");
+
comp_list_add(comp_list, comp_entry);
break;
}
@@ -319,6 +472,9 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
comp_entry.flags = S390_IPL_DEV_COMP_FLAG_SC;
signed_found = true;
+ check_sclab(&global_sclab, &comp_entry, &comp_list->ipl_info_header);
+ sclab_found |= !(comp_entry.cei & S390_CEI_INVALID_SCLAB);
+
cert_entry = (IplSignatureCertificateEntry) { 0 };
verified = verify_signature(comp_entry, sig_entry,
&cert_entry.len, &cert_table_idx);
@@ -364,9 +520,17 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
}
}
- if (!signed_found) {
- zipl_secure_error("Secure boot is on, but components are not signed");
- }
+ zipl_secure_validate(signed_found, &comp_list->ipl_info_header.iiei,
+ S390_IIEI_NO_SIGNED_COMP,
+ "Secure boot is on, but components are not signed");
+
+ zipl_secure_validate(sclab_found, &comp_list->ipl_info_header.iiei,
+ S390_IIEI_NO_SCLAB, "No recognizable SCLAB");
+
+ comp_entry = (IplDeviceComponentEntry){ 0 };
+ comp_entry.addr = entry->compdat.load_psw;
+ check_global_sclab(global_sclab, &comp_entry, comp_list);
+ comp_list_add(comp_list, comp_entry);
*entry_ptr = entry;
free((void *)sig_entry.addr);
diff --git a/pc-bios/s390-ccw/secure-ipl.h b/pc-bios/s390-ccw/secure-ipl.h
index 1b1287858b..1bacb4987a 100644
--- a/pc-bios/s390-ccw/secure-ipl.h
+++ b/pc-bios/s390-ccw/secure-ipl.h
@@ -27,6 +27,33 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
IplSignatureCertificateList *cert_list,
uint8_t **tmp_cert_buf);
+#define S390_SCLAB_OPSW 0x8000 /* override PSW flag */
+#define S390_SCLAB_OLA 0x4000 /* override load address flag */
+#define S390_SCLAB_NUC 0x2000 /* no unsigned components flag */
+#define S390_SCLAB_SC 0x1000 /* single component flag */
+
+#define S390_SCLAB_MIN_LEN 32
+#define S390_UNSIGNED_MIN_ADDR 0x2000
+
+/* Secure Code Loading Attributes Block */
+struct SclaBlock {
+ uint8_t format;
+ uint8_t reserved1;
+ uint16_t flags;
+ uint8_t reserved2[4];
+ uint64_t load_psw;
+ uint64_t load_addr;
+ uint64_t reserved3[];
+} __attribute__ ((packed));
+typedef struct SclaBlock SclaBlock;
+
+struct SclabOriginLocator {
+ uint8_t reserved[2];
+ uint16_t len;
+ uint8_t magic[4];
+} __attribute__ ((packed));
+typedef struct SclabOriginLocator SclabOriginLocator;
+
static inline void zipl_secure_error(const char *message)
{
switch (boot_mode) {
@@ -38,6 +65,30 @@ static inline void zipl_secure_error(const char *message)
}
}
+static inline void zipl_secure_validate_u16(bool condition, uint16_t *flags,
+ uint16_t flag, const char *message)
+{
+ if (!condition) {
+ *flags |= flag;
+ zipl_secure_error(message);
+ }
+}
+
+static inline void zipl_secure_validate_u32(bool condition, uint32_t *flags,
+ uint32_t flag, const char *message)
+{
+ if (!condition) {
+ *flags |= flag;
+ zipl_secure_error(message);
+ }
+}
+
+#define zipl_secure_validate(condition, flags, flag, message) \
+ _Generic((flags), \
+ uint16_t * : zipl_secure_validate_u16, \
+ uint32_t * : zipl_secure_validate_u32 \
+ )(condition, flags, flag, message)
+
static inline uint64_t _diag320(void *data, unsigned long subcode)
{
register unsigned long addr asm("0") = (unsigned long)data;
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 26/35] pc-bios/s390-ccw: Add additional security checks for secure boot
2026-07-01 20:49 ` [PATCH v12 26/35] pc-bios/s390-ccw: Add additional security checks for secure boot Zhuoying Cai
@ 2026-07-02 16:08 ` Eric Farman
2026-07-02 20:47 ` Zhuoying Cai
0 siblings, 1 reply; 71+ messages in thread
From: Eric Farman @ 2026-07-02 16:08 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On Wed, 2026-07-01 at 16:49 -0400, Zhuoying Cai wrote:
> Add additional checks to ensure that components do not overlap with
> signed components when loaded into memory.
>
> Add additional checks to ensure the load addresses of unsigned components
> are greater than or equal to 0x2000.
>
> When the secure IPL code loading attributes facility (SCLAF) is installed,
> all signed components must contain a secure code loading attributes block
> (SCLAB).
>
> The SCLAB provides further validation of information on where to load the
> signed binary code from the load device, and where to start the execution
> of the loaded OS code.
>
> When SCLAF is installed, its content must be evaluated during secure IPL.
>
> Add IPL Information Error Indicators (IIEI) and Component Error
> Indicators (CEI) for IPL Information Report Block (IIRB).
>
> When SCLAF is installed, additional secure boot checks are performed
> during zipl and store results of verification into IIRB.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> include/hw/s390x/ipl/qipl.h | 29 +++++-
> pc-bios/s390-ccw/sclp.h | 1 +
> pc-bios/s390-ccw/secure-ipl.c | 170 +++++++++++++++++++++++++++++++++-
> pc-bios/s390-ccw/secure-ipl.h | 51 ++++++++++
> 4 files changed, 246 insertions(+), 5 deletions(-)
>
> diff --git a/include/hw/s390x/ipl/qipl.h b/include/hw/s390x/ipl/qipl.h
> index 2b29dfa8c5..f05c4a7206 100644
> --- a/include/hw/s390x/ipl/qipl.h
> +++ b/include/hw/s390x/ipl/qipl.h
> @@ -167,10 +167,20 @@ struct IplInfoReportBlockHeader {
> };
> typedef struct IplInfoReportBlockHeader IplInfoReportBlockHeader;
>
> +/* IPL Info Error Indicators */
> +#define S390_IIEI_NO_SIGNED_COMP 0x8000 /* bit 0 */
> +#define S390_IIEI_NO_SCLAB 0x4000 /* bit 1 */
> +#define S390_IIEI_NO_GLOBAL_SCLAB 0x2000 /* bit 2 */
> +#define S390_IIEI_MORE_GLOBAL_SCLAB 0x1000 /* bit 3 */
> +#define S390_IIEI_FOUND_UNSIGNED_COMP 0x800 /* bit 4 */
> +#define S390_IIEI_MORE_SIGNED_COMP 0x400 /* bit 5 */
> +
> struct IplInfoBlockHeader {
> uint32_t len;
> uint8_t type;
> - uint8_t reserved1[11];
> + uint8_t reserved1[3];
> + uint16_t iiei;
> + uint8_t reserved2[6];
> };
> typedef struct IplInfoBlockHeader IplInfoBlockHeader;
>
> @@ -194,13 +204,28 @@ typedef struct IplSignatureCertificateList IplSignatureCertificateList;
> #define S390_IPL_DEV_COMP_FLAG_SC 0x80
> #define S390_IPL_DEV_COMP_FLAG_CSV 0x40
>
> +/* IPL Device Component Error Indicators */
> +#define S390_CEI_INVALID_SCLAB 0x80000000 /* bit 0 */
> +#define S390_CEI_INVALID_SCLAB_LEN 0x40000000 /* bit 1 */
> +#define S390_CEI_INVALID_SCLAB_FORMAT 0x20000000 /* bit 2 */
> +#define S390_CEI_UNMATCHED_SCLAB_LOAD_ADDR 0x10000000 /* bit 3 */
> +#define S390_CEI_UNMATCHED_SCLAB_LOAD_PSW 0x8000000 /* bit 4 */
> +#define S390_CEI_INVALID_LOAD_PSW 0x4000000 /* bit 5 */
> +#define S390_CEI_NUC_NOT_IN_GLOBAL_SCLAB 0x2000000 /* bit 6 */
> +#define S390_CEI_SCLAB_OLA_NOT_ONE 0x1000000 /* bit 7 */
> +#define S390_CEI_SC_NOT_IN_GLOBAL_SCLAB 0x800000 /* bit 8 */
> +#define S390_CEI_SCLAB_LOAD_ADDR_NOT_ZERO 0x400000 /* bit 9 */
> +#define S390_CEI_SCLAB_LOAD_PSW_NOT_ZERO 0x200000 /* bit 10 */
> +#define S390_CEI_INVALID_UNSIGNED_ADDR 0x100000 /* bit 11 */
> +
> struct IplDeviceComponentEntry {
> uint64_t addr;
> uint64_t len;
> uint8_t flags;
> uint8_t reserved1[5];
> uint16_t cert_index;
> - uint8_t reserved2[8];
> + uint32_t cei;
> + uint8_t reserved2[4];
> };
> typedef struct IplDeviceComponentEntry IplDeviceComponentEntry;
>
> diff --git a/pc-bios/s390-ccw/sclp.h b/pc-bios/s390-ccw/sclp.h
> index a8a41cd004..cae65b29b5 100644
> --- a/pc-bios/s390-ccw/sclp.h
> +++ b/pc-bios/s390-ccw/sclp.h
> @@ -52,6 +52,7 @@ typedef struct SCCBHeader {
> #define SCCB_DATA_LEN (SCCB_SIZE - sizeof(SCCBHeader))
> #define SCCB_FAC134_DIAG320_BIT 0x4
> #define SCCB_FAC_IPL_SIPL_BIT 0x4000
> +#define SCCB_FAC_IPL_SCLAF_BIT 0x1000
>
> typedef struct ReadInfo {
> SCCBHeader h;
> diff --git a/pc-bios/s390-ccw/secure-ipl.c b/pc-bios/s390-ccw/secure-ipl.c
> index af98881aa5..c92d8e2aff 100644
> --- a/pc-bios/s390-ccw/secure-ipl.c
> +++ b/pc-bios/s390-ccw/secure-ipl.c
> @@ -180,6 +180,12 @@ bool secure_ipl_supported(void)
> return false;
> }
>
> + if (!sclp_is_fac_ipl_flag_on(SCCB_FAC_IPL_SCLAF_BIT)) {
> + puts("Secure IPL Code Loading Attributes Facility is not supported by"
> + " the hypervisor!");
> + return false;
> + }
> +
> return true;
> }
>
> @@ -210,6 +216,147 @@ static void check_comp_overlap(IplDeviceComponentList *comp_list,
> }
> }
>
> +static bool is_psw_valid(uint64_t psw, IplDeviceComponentEntry *comp)
> +{
> + uint32_t addr = psw & 0x7fffffff;
> +
> + /*
> + * PSW points within a signed binary code component
> + *
> + * Check addr falls within [comp->addr, comp->addr + comp->len - 2],
> + * ensuring at least 2 bytes (minimum instruction length) remain.
> + */
> + return intersects(addr, 1, comp->addr, comp->len - 1);
> +}
> +
> +void check_global_sclab(const SclaBlock *global_sclab,
> + IplDeviceComponentEntry *comp_entry,
> + IplDeviceComponentList *comp_list)
> +{
> + bool psw_valid = false;
> + bool global_psw_valid = false;
> + int signed_count = 0;
> + int unsigned_count = 0;
> + IplDeviceComponentEntry *comp;
> +
> + if (!global_sclab) {
> + comp_list->ipl_info_header.iiei |= S390_IIEI_NO_GLOBAL_SCLAB;
> + zipl_secure_error("Global SCLAB does not exist");
> + return;
> + }
> +
> + for_each_rb_entry(comp, comp_list) {
> + if (comp->flags & S390_IPL_DEV_COMP_FLAG_SC) {
> + psw_valid |= is_psw_valid(comp_entry->addr, comp);
> + global_psw_valid |= is_psw_valid(global_sclab->load_psw, comp);
> + signed_count += 1;
> + } else {
> + unsigned_count += 1;
> + }
> + }
> +
> + /* validate load PSW with PSW specified in the final entry */
> + zipl_secure_validate(psw_valid && global_psw_valid, &comp_entry->cei,
> + S390_CEI_INVALID_LOAD_PSW, "Invalid PSW");
> +
> + /* compare load PSW with the PSW specified in component */
> + zipl_secure_validate(global_sclab->load_psw == comp_entry->addr,
> + &comp_entry->cei, S390_CEI_UNMATCHED_SCLAB_LOAD_PSW,
> + "Load PSW does not match with PSW in component");
> +
> + /* Unsigned components are not allowed if NUC flag is set in the global SCLAB */
> + if ((global_sclab->flags & S390_SCLAB_NUC) && unsigned_count > 0) {
> + comp_list->ipl_info_header.iiei |= S390_IIEI_FOUND_UNSIGNED_COMP;
> + zipl_secure_error("Unsigned components are not allowed");
> + }
> +
> + /*
> + * Only one signed component is allowed if SC flag is set in the global SCLAB
> + * More than one component in the component table is not allowed
> + */
> + if ((global_sclab->flags & S390_SCLAB_SC) &&
> + (signed_count != 1 || unsigned_count != 0)) {
> + comp_list->ipl_info_header.iiei |= S390_IIEI_MORE_SIGNED_COMP;
> + zipl_secure_error("Only one signed component is allowed");
> + }
> +}
> +
> +static void check_sclab(SclaBlock **global_sclab,
> + IplDeviceComponentEntry *comp_entry,
> + IplInfoBlockHeader *comp_list_hdr)
> +{
> + SclabOriginLocator *sclab_locator;
> + SclaBlock *sclab;
> +
> + /* sclab locator is located at the last 8 bytes of the signed comp */
> + sclab_locator = (SclabOriginLocator *)(comp_entry->addr +
> + comp_entry->len - 8);
Need to verify that len >=8, otherwise who knows what gets read.
> +
> + /* return early if sclab does not exist */
> + zipl_secure_validate(magic_match(sclab_locator->magic, ZIPL_MAGIC),
> + &comp_entry->cei, S390_CEI_INVALID_SCLAB,
> + "Magic does not match. SCLAB does not exist");
> +
> + if (comp_entry->cei & S390_CEI_INVALID_SCLAB) {
> + return;
> + }
> +
> + zipl_secure_validate(sclab_locator->len >= S390_SCLAB_MIN_LEN, &comp_entry->cei,
> + S390_CEI_INVALID_SCLAB_LEN | S390_CEI_INVALID_SCLAB,
> + "Invalid SCLAB length");
> +
> + /* return early if sclab is invalid */
> + if (comp_entry->cei & S390_CEI_INVALID_SCLAB) {
> + return;
> + }
I get why these two conditions (missing/invalid SCLAB) cause us to stop processing when in audit
mode...
> +
> + sclab = (SclaBlock *)(comp_entry->addr + comp_entry->len -
> + sclab_locator->len);
> +
> + zipl_secure_validate(sclab->format == 0, &comp_entry->cei,
> + S390_CEI_INVALID_SCLAB_FORMAT,
> + "Format-0 SCLAB is not being used");
...but why doesn't this one (SCLAB format)? Do the subsequent flags checks all apply regardless of
format?
> +
> + if (!(sclab->flags & S390_SCLAB_OPSW)) {
> + /* OPSW = 0 - Load PSW field in SCLAB must contain zeros */
> + zipl_secure_validate(sclab->load_psw == 0, &comp_entry->cei,
> + S390_CEI_SCLAB_LOAD_PSW_NOT_ZERO,
> + "Load PSW is not zero when Override PSW bit is zero");
> + } else {
> + /* OPSW = 1 indicating global SCLAB */
> + if (*global_sclab) {
> + comp_list_hdr->iiei |= S390_IIEI_MORE_GLOBAL_SCLAB;
> + zipl_secure_error("More than one global SCLAB");
> + }
> + *global_sclab = sclab;
> +
> + /* override load address flag must set to one */
> + zipl_secure_validate(sclab->flags & S390_SCLAB_OLA, &comp_entry->cei,
> + S390_CEI_SCLAB_OLA_NOT_ONE,
> + "OLA flag is not set to one in the global SCLAB");
> + }
> +
> + if (!(sclab->flags & S390_SCLAB_OLA)) {
> + /* OLA = 0 - Load address field in SCLAB must contain zeros */
> + zipl_secure_validate(sclab->load_addr == 0, &comp_entry->cei,
> + S390_CEI_SCLAB_LOAD_ADDR_NOT_ZERO,
> + "Load Address is not zero when OLA flag is zero");
> + } else {
> + /* OLA = 1 - Load address field must match storage address of the component */
> + zipl_secure_validate(sclab->load_addr == comp_entry->addr, &comp_entry->cei,
> + S390_CEI_UNMATCHED_SCLAB_LOAD_ADDR,
> + "Load Address does not match with component load address");
> + }
> +
> + zipl_secure_validate(~sclab->flags & S390_SCLAB_NUC || sclab->flags & S390_SCLAB_OPSW,
> + &comp_entry->cei, S390_CEI_NUC_NOT_IN_GLOBAL_SCLAB,
> + "NUC bit is set, but not in the global SCLAB");
> +
> + zipl_secure_validate(~sclab->flags & S390_SCLAB_SC || sclab->flags & S390_SCLAB_OPSW,
> + &comp_entry->cei, S390_CEI_SC_NOT_IN_GLOBAL_SCLAB,
> + "SC bit is set, but not in the global SCLAB");
> +}
> +
> static int zipl_load_signature(ComponentEntry *entry, uint64_t sig)
> {
> if (entry->compdat.sig_info.format != DER_SIGNATURE_FORMAT) {
> @@ -268,6 +415,8 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
> uint8_t *tmp_buf;
> bool verified;
> bool signed_found = false;
> + bool sclab_found = false;
> + SclaBlock *global_sclab = NULL;
>
> if ((MAX_SIGNED_COMP * CERT_BUF_MAX_LEN) > (CERT_BUF_SIZE)) {
> panic("Not enough memory to store certificates");
> @@ -308,6 +457,10 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
>
> /* no signature present (unsigned component) */
> if (!sig_entry.len) {
> + zipl_secure_validate(comp_entry.addr >= S390_UNSIGNED_MIN_ADDR,
> + &comp_entry.cei, S390_CEI_INVALID_UNSIGNED_ADDR,
> + "Load address for unsigned component is less than 0x2000");
> +
> comp_list_add(comp_list, comp_entry);
> break;
> }
> @@ -319,6 +472,9 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
> comp_entry.flags = S390_IPL_DEV_COMP_FLAG_SC;
> signed_found = true;
>
> + check_sclab(&global_sclab, &comp_entry, &comp_list->ipl_info_header);
> + sclab_found |= !(comp_entry.cei & S390_CEI_INVALID_SCLAB);
> +
> cert_entry = (IplSignatureCertificateEntry) { 0 };
> verified = verify_signature(comp_entry, sig_entry,
> &cert_entry.len, &cert_table_idx);
> @@ -364,9 +520,17 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
> }
> }
>
> - if (!signed_found) {
> - zipl_secure_error("Secure boot is on, but components are not signed");
> - }
> + zipl_secure_validate(signed_found, &comp_list->ipl_info_header.iiei,
> + S390_IIEI_NO_SIGNED_COMP,
> + "Secure boot is on, but components are not signed");
> +
> + zipl_secure_validate(sclab_found, &comp_list->ipl_info_header.iiei,
> + S390_IIEI_NO_SCLAB, "No recognizable SCLAB");
> +
> + comp_entry = (IplDeviceComponentEntry){ 0 };
> + comp_entry.addr = entry->compdat.load_psw;
> + check_global_sclab(global_sclab, &comp_entry, comp_list);
> + comp_list_add(comp_list, comp_entry);
Do we actually need to add an (empty) entry when global_sclab wasn't found?
>
> *entry_ptr = entry;
> free((void *)sig_entry.addr);
> diff --git a/pc-bios/s390-ccw/secure-ipl.h b/pc-bios/s390-ccw/secure-ipl.h
> index 1b1287858b..1bacb4987a 100644
> --- a/pc-bios/s390-ccw/secure-ipl.h
> +++ b/pc-bios/s390-ccw/secure-ipl.h
> @@ -27,6 +27,33 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
> IplSignatureCertificateList *cert_list,
> uint8_t **tmp_cert_buf);
>
> +#define S390_SCLAB_OPSW 0x8000 /* override PSW flag */
> +#define S390_SCLAB_OLA 0x4000 /* override load address flag */
> +#define S390_SCLAB_NUC 0x2000 /* no unsigned components flag */
> +#define S390_SCLAB_SC 0x1000 /* single component flag */
> +
> +#define S390_SCLAB_MIN_LEN 32
> +#define S390_UNSIGNED_MIN_ADDR 0x2000
> +
> +/* Secure Code Loading Attributes Block */
> +struct SclaBlock {
> + uint8_t format;
> + uint8_t reserved1;
> + uint16_t flags;
> + uint8_t reserved2[4];
> + uint64_t load_psw;
> + uint64_t load_addr;
> + uint64_t reserved3[];
> +} __attribute__ ((packed));
> +typedef struct SclaBlock SclaBlock;
> +
> +struct SclabOriginLocator {
> + uint8_t reserved[2];
> + uint16_t len;
> + uint8_t magic[4];
> +} __attribute__ ((packed));
> +typedef struct SclabOriginLocator SclabOriginLocator;
> +
> static inline void zipl_secure_error(const char *message)
> {
> switch (boot_mode) {
> @@ -38,6 +65,30 @@ static inline void zipl_secure_error(const char *message)
> }
> }
>
> +static inline void zipl_secure_validate_u16(bool condition, uint16_t *flags,
> + uint16_t flag, const char *message)
> +{
> + if (!condition) {
> + *flags |= flag;
> + zipl_secure_error(message);
> + }
> +}
> +
> +static inline void zipl_secure_validate_u32(bool condition, uint32_t *flags,
> + uint32_t flag, const char *message)
> +{
> + if (!condition) {
> + *flags |= flag;
> + zipl_secure_error(message);
> + }
> +}
> +
> +#define zipl_secure_validate(condition, flags, flag, message) \
> + _Generic((flags), \
> + uint16_t * : zipl_secure_validate_u16, \
> + uint32_t * : zipl_secure_validate_u32 \
> + )(condition, flags, flag, message)
> +
> static inline uint64_t _diag320(void *data, unsigned long subcode)
> {
> register unsigned long addr asm("0") = (unsigned long)data;
^ permalink raw reply [flat|nested] 71+ messages in thread* Re: [PATCH v12 26/35] pc-bios/s390-ccw: Add additional security checks for secure boot
2026-07-02 16:08 ` Eric Farman
@ 2026-07-02 20:47 ` Zhuoying Cai
2026-07-03 2:27 ` Eric Farman
0 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-02 20:47 UTC (permalink / raw)
To: Eric Farman, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
Thanks for the review!
On 7/2/26 12:08 PM, Eric Farman wrote:
> On Wed, 2026-07-01 at 16:49 -0400, Zhuoying Cai wrote:
>> Add additional checks to ensure that components do not overlap with
>> signed components when loaded into memory.
>>
>> Add additional checks to ensure the load addresses of unsigned components
>> are greater than or equal to 0x2000.
>>
>> When the secure IPL code loading attributes facility (SCLAF) is installed,
>> all signed components must contain a secure code loading attributes block
>> (SCLAB).
>>
>> The SCLAB provides further validation of information on where to load the
>> signed binary code from the load device, and where to start the execution
>> of the loaded OS code.
>>
>> When SCLAF is installed, its content must be evaluated during secure IPL.
>>
>> Add IPL Information Error Indicators (IIEI) and Component Error
>> Indicators (CEI) for IPL Information Report Block (IIRB).
>>
>> When SCLAF is installed, additional secure boot checks are performed
>> during zipl and store results of verification into IIRB.
>>
>> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
>> ---
>> include/hw/s390x/ipl/qipl.h | 29 +++++-
>> pc-bios/s390-ccw/sclp.h | 1 +
>> pc-bios/s390-ccw/secure-ipl.c | 170 +++++++++++++++++++++++++++++++++-
>> pc-bios/s390-ccw/secure-ipl.h | 51 ++++++++++
>> 4 files changed, 246 insertions(+), 5 deletions(-)
>>
[...]
>> +static void check_sclab(SclaBlock **global_sclab,
>> + IplDeviceComponentEntry *comp_entry,
>> + IplInfoBlockHeader *comp_list_hdr)
>> +{
>> + SclabOriginLocator *sclab_locator;
>> + SclaBlock *sclab;
>> +
>> + /* sclab locator is located at the last 8 bytes of the signed comp */
>> + sclab_locator = (SclabOriginLocator *)(comp_entry->addr +
>> + comp_entry->len - 8);
>
> Need to verify that len >=8, otherwise who knows what gets read.
>
>> +
>> + /* return early if sclab does not exist */
>> + zipl_secure_validate(magic_match(sclab_locator->magic, ZIPL_MAGIC),
>> + &comp_entry->cei, S390_CEI_INVALID_SCLAB,
>> + "Magic does not match. SCLAB does not exist");
>> +
>> + if (comp_entry->cei & S390_CEI_INVALID_SCLAB) {
>> + return;
>> + }
>> +
>> + zipl_secure_validate(sclab_locator->len >= S390_SCLAB_MIN_LEN, &comp_entry->cei,
>> + S390_CEI_INVALID_SCLAB_LEN | S390_CEI_INVALID_SCLAB,
>> + "Invalid SCLAB length");
>> +
>> + /* return early if sclab is invalid */
>> + if (comp_entry->cei & S390_CEI_INVALID_SCLAB) {
>> + return;
>> + }
>
> I get why these two conditions (missing/invalid SCLAB) cause us to stop processing when in audit
> mode...
>
>> +
>> + sclab = (SclaBlock *)(comp_entry->addr + comp_entry->len -
>> + sclab_locator->len);
>> +
>> + zipl_secure_validate(sclab->format == 0, &comp_entry->cei,
>> + S390_CEI_INVALID_SCLAB_FORMAT,
>> + "Format-0 SCLAB is not being used");
>
> ...but why doesn't this one (SCLAB format)? Do the subsequent flags checks all apply regardless of
> format?
>
Continuing with the flag checks seems reasonable to me, since we're
still dealing with some form of valid SCLAB. Please let me know your
thoughts. Thanks!
>> +
>> + if (!(sclab->flags & S390_SCLAB_OPSW)) {
>> + /* OPSW = 0 - Load PSW field in SCLAB must contain zeros */
>> + zipl_secure_validate(sclab->load_psw == 0, &comp_entry->cei,
>> + S390_CEI_SCLAB_LOAD_PSW_NOT_ZERO,
>> + "Load PSW is not zero when Override PSW bit is zero");
>> + } else {
>> + /* OPSW = 1 indicating global SCLAB */
>> + if (*global_sclab) {
>> + comp_list_hdr->iiei |= S390_IIEI_MORE_GLOBAL_SCLAB;
>> + zipl_secure_error("More than one global SCLAB");
>> + }
>> + *global_sclab = sclab;
>> +
>> + /* override load address flag must set to one */
>> + zipl_secure_validate(sclab->flags & S390_SCLAB_OLA, &comp_entry->cei,
>> + S390_CEI_SCLAB_OLA_NOT_ONE,
>> + "OLA flag is not set to one in the global SCLAB");
>> + }
>> +
>> + if (!(sclab->flags & S390_SCLAB_OLA)) {
>> + /* OLA = 0 - Load address field in SCLAB must contain zeros */
>> + zipl_secure_validate(sclab->load_addr == 0, &comp_entry->cei,
>> + S390_CEI_SCLAB_LOAD_ADDR_NOT_ZERO,
>> + "Load Address is not zero when OLA flag is zero");
>> + } else {
>> + /* OLA = 1 - Load address field must match storage address of the component */
>> + zipl_secure_validate(sclab->load_addr == comp_entry->addr, &comp_entry->cei,
>> + S390_CEI_UNMATCHED_SCLAB_LOAD_ADDR,
>> + "Load Address does not match with component load address");
>> + }
>> +
>> + zipl_secure_validate(~sclab->flags & S390_SCLAB_NUC || sclab->flags & S390_SCLAB_OPSW,
>> + &comp_entry->cei, S390_CEI_NUC_NOT_IN_GLOBAL_SCLAB,
>> + "NUC bit is set, but not in the global SCLAB");
>> +
>> + zipl_secure_validate(~sclab->flags & S390_SCLAB_SC || sclab->flags & S390_SCLAB_OPSW,
>> + &comp_entry->cei, S390_CEI_SC_NOT_IN_GLOBAL_SCLAB,
>> + "SC bit is set, but not in the global SCLAB");
>> +}
>> +
>> static int zipl_load_signature(ComponentEntry *entry, uint64_t sig)
>> {
>> if (entry->compdat.sig_info.format != DER_SIGNATURE_FORMAT) {
>> @@ -268,6 +415,8 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
>> uint8_t *tmp_buf;
>> bool verified;
>> bool signed_found = false;
>> + bool sclab_found = false;
>> + SclaBlock *global_sclab = NULL;
>>
>> if ((MAX_SIGNED_COMP * CERT_BUF_MAX_LEN) > (CERT_BUF_SIZE)) {
>> panic("Not enough memory to store certificates");
>> @@ -308,6 +457,10 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
>>
>> /* no signature present (unsigned component) */
>> if (!sig_entry.len) {
>> + zipl_secure_validate(comp_entry.addr >= S390_UNSIGNED_MIN_ADDR,
>> + &comp_entry.cei, S390_CEI_INVALID_UNSIGNED_ADDR,
>> + "Load address for unsigned component is less than 0x2000");
>> +
>> comp_list_add(comp_list, comp_entry);
>> break;
>> }
>> @@ -319,6 +472,9 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
>> comp_entry.flags = S390_IPL_DEV_COMP_FLAG_SC;
>> signed_found = true;
>>
>> + check_sclab(&global_sclab, &comp_entry, &comp_list->ipl_info_header);
>> + sclab_found |= !(comp_entry.cei & S390_CEI_INVALID_SCLAB);
>> +
>> cert_entry = (IplSignatureCertificateEntry) { 0 };
>> verified = verify_signature(comp_entry, sig_entry,
>> &cert_entry.len, &cert_table_idx);
>> @@ -364,9 +520,17 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
>> }
>> }
>>
>> - if (!signed_found) {
>> - zipl_secure_error("Secure boot is on, but components are not signed");
>> - }
>> + zipl_secure_validate(signed_found, &comp_list->ipl_info_header.iiei,
>> + S390_IIEI_NO_SIGNED_COMP,
>> + "Secure boot is on, but components are not signed");
>> +
>> + zipl_secure_validate(sclab_found, &comp_list->ipl_info_header.iiei,
>> + S390_IIEI_NO_SCLAB, "No recognizable SCLAB");
>> +
>> + comp_entry = (IplDeviceComponentEntry){ 0 };
>> + comp_entry.addr = entry->compdat.load_psw;
>> + check_global_sclab(global_sclab, &comp_entry, comp_list);
>> + comp_list_add(comp_list, comp_entry);
>
> Do we actually need to add an (empty) entry when global_sclab wasn't found?
>
I think we should still add this entry even when global_sclab is not
found, since the comp_entry would still contain the PSW value from the
EXEC entry.
>>
>> *entry_ptr = entry;
>> free((void *)sig_entry.addr);
>> diff --git a/pc-bios/s390-ccw/secure-ipl.h b/pc-bios/s390-ccw/secure-ipl.h
>> index 1b1287858b..1bacb4987a 100644
>> --- a/pc-bios/s390-ccw/secure-ipl.h
>> +++ b/pc-bios/s390-ccw/secure-ipl.h
>> @@ -27,6 +27,33 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
>> IplSignatureCertificateList *cert_list,
>> uint8_t **tmp_cert_buf);
>>
>> +#define S390_SCLAB_OPSW 0x8000 /* override PSW flag */
>> +#define S390_SCLAB_OLA 0x4000 /* override load address flag */
>> +#define S390_SCLAB_NUC 0x2000 /* no unsigned components flag */
>> +#define S390_SCLAB_SC 0x1000 /* single component flag */
>> +
>> +#define S390_SCLAB_MIN_LEN 32
>> +#define S390_UNSIGNED_MIN_ADDR 0x2000
>> +
>> +/* Secure Code Loading Attributes Block */
>> +struct SclaBlock {
>> + uint8_t format;
>> + uint8_t reserved1;
>> + uint16_t flags;
>> + uint8_t reserved2[4];
>> + uint64_t load_psw;
>> + uint64_t load_addr;
>> + uint64_t reserved3[];
>> +} __attribute__ ((packed));
>> +typedef struct SclaBlock SclaBlock;
>> +
>> +struct SclabOriginLocator {
>> + uint8_t reserved[2];
>> + uint16_t len;
>> + uint8_t magic[4];
>> +} __attribute__ ((packed));
>> +typedef struct SclabOriginLocator SclabOriginLocator;
>> +
>> static inline void zipl_secure_error(const char *message)
>> {
>> switch (boot_mode) {
>> @@ -38,6 +65,30 @@ static inline void zipl_secure_error(const char *message)
>> }
>> }
>>
>> +static inline void zipl_secure_validate_u16(bool condition, uint16_t *flags,
>> + uint16_t flag, const char *message)
>> +{
>> + if (!condition) {
>> + *flags |= flag;
>> + zipl_secure_error(message);
>> + }
>> +}
>> +
>> +static inline void zipl_secure_validate_u32(bool condition, uint32_t *flags,
>> + uint32_t flag, const char *message)
>> +{
>> + if (!condition) {
>> + *flags |= flag;
>> + zipl_secure_error(message);
>> + }
>> +}
>> +
>> +#define zipl_secure_validate(condition, flags, flag, message) \
>> + _Generic((flags), \
>> + uint16_t * : zipl_secure_validate_u16, \
>> + uint32_t * : zipl_secure_validate_u32 \
>> + )(condition, flags, flag, message)
>> +
>> static inline uint64_t _diag320(void *data, unsigned long subcode)
>> {
>> register unsigned long addr asm("0") = (unsigned long)data;
^ permalink raw reply [flat|nested] 71+ messages in thread* Re: [PATCH v12 26/35] pc-bios/s390-ccw: Add additional security checks for secure boot
2026-07-02 20:47 ` Zhuoying Cai
@ 2026-07-03 2:27 ` Eric Farman
0 siblings, 0 replies; 71+ messages in thread
From: Eric Farman @ 2026-07-03 2:27 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On Thu, 2026-07-02 at 16:47 -0400, Zhuoying Cai wrote:
> Thanks for the review!
>
> On 7/2/26 12:08 PM, Eric Farman wrote:
> > On Wed, 2026-07-01 at 16:49 -0400, Zhuoying Cai wrote:
> > > Add additional checks to ensure that components do not overlap with
> > > signed components when loaded into memory.
> > >
> > > Add additional checks to ensure the load addresses of unsigned components
> > > are greater than or equal to 0x2000.
> > >
> > > When the secure IPL code loading attributes facility (SCLAF) is installed,
> > > all signed components must contain a secure code loading attributes block
> > > (SCLAB).
> > >
> > > The SCLAB provides further validation of information on where to load the
> > > signed binary code from the load device, and where to start the execution
> > > of the loaded OS code.
> > >
> > > When SCLAF is installed, its content must be evaluated during secure IPL.
> > >
> > > Add IPL Information Error Indicators (IIEI) and Component Error
> > > Indicators (CEI) for IPL Information Report Block (IIRB).
> > >
> > > When SCLAF is installed, additional secure boot checks are performed
> > > during zipl and store results of verification into IIRB.
> > >
> > > Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> > > ---
> > > include/hw/s390x/ipl/qipl.h | 29 +++++-
> > > pc-bios/s390-ccw/sclp.h | 1 +
> > > pc-bios/s390-ccw/secure-ipl.c | 170 +++++++++++++++++++++++++++++++++-
> > > pc-bios/s390-ccw/secure-ipl.h | 51 ++++++++++
> > > 4 files changed, 246 insertions(+), 5 deletions(-)
> > >
>
> [...]
>
> > > +static void check_sclab(SclaBlock **global_sclab,
> > > + IplDeviceComponentEntry *comp_entry,
> > > + IplInfoBlockHeader *comp_list_hdr)
> > > +{
> > > + SclabOriginLocator *sclab_locator;
> > > + SclaBlock *sclab;
> > > +
> > > + /* sclab locator is located at the last 8 bytes of the signed comp */
> > > + sclab_locator = (SclabOriginLocator *)(comp_entry->addr +
> > > + comp_entry->len - 8);
> >
> > Need to verify that len >=8, otherwise who knows what gets read.
> >
> > > +
> > > + /* return early if sclab does not exist */
> > > + zipl_secure_validate(magic_match(sclab_locator->magic, ZIPL_MAGIC),
> > > + &comp_entry->cei, S390_CEI_INVALID_SCLAB,
> > > + "Magic does not match. SCLAB does not exist");
> > > +
> > > + if (comp_entry->cei & S390_CEI_INVALID_SCLAB) {
> > > + return;
> > > + }
> > > +
> > > + zipl_secure_validate(sclab_locator->len >= S390_SCLAB_MIN_LEN, &comp_entry->cei,
> > > + S390_CEI_INVALID_SCLAB_LEN | S390_CEI_INVALID_SCLAB,
> > > + "Invalid SCLAB length");
> > > +
> > > + /* return early if sclab is invalid */
> > > + if (comp_entry->cei & S390_CEI_INVALID_SCLAB) {
> > > + return;
> > > + }
> >
> > I get why these two conditions (missing/invalid SCLAB) cause us to stop processing when in audit
> > mode...
> >
> > > +
> > > + sclab = (SclaBlock *)(comp_entry->addr + comp_entry->len -
> > > + sclab_locator->len);
> > > +
> > > + zipl_secure_validate(sclab->format == 0, &comp_entry->cei,
> > > + S390_CEI_INVALID_SCLAB_FORMAT,
> > > + "Format-0 SCLAB is not being used");
> >
> > ...but why doesn't this one (SCLAB format)? Do the subsequent flags checks all apply regardless of
> > format?
> >
>
> Continuing with the flag checks seems reasonable to me, since we're
> still dealing with some form of valid SCLAB. Please let me know your
> thoughts. Thanks!
Agreed. The flag checks apply regardless of format, which I overlooked previously.
>
> > > +
> > > + if (!(sclab->flags & S390_SCLAB_OPSW)) {
> > > + /* OPSW = 0 - Load PSW field in SCLAB must contain zeros */
> > > + zipl_secure_validate(sclab->load_psw == 0, &comp_entry->cei,
> > > + S390_CEI_SCLAB_LOAD_PSW_NOT_ZERO,
> > > + "Load PSW is not zero when Override PSW bit is zero");
> > > + } else {
> > > + /* OPSW = 1 indicating global SCLAB */
> > > + if (*global_sclab) {
> > > + comp_list_hdr->iiei |= S390_IIEI_MORE_GLOBAL_SCLAB;
> > > + zipl_secure_error("More than one global SCLAB");
> > > + }
> > > + *global_sclab = sclab;
> > > +
> > > + /* override load address flag must set to one */
> > > + zipl_secure_validate(sclab->flags & S390_SCLAB_OLA, &comp_entry->cei,
> > > + S390_CEI_SCLAB_OLA_NOT_ONE,
> > > + "OLA flag is not set to one in the global SCLAB");
> > > + }
> > > +
> > > + if (!(sclab->flags & S390_SCLAB_OLA)) {
> > > + /* OLA = 0 - Load address field in SCLAB must contain zeros */
> > > + zipl_secure_validate(sclab->load_addr == 0, &comp_entry->cei,
> > > + S390_CEI_SCLAB_LOAD_ADDR_NOT_ZERO,
> > > + "Load Address is not zero when OLA flag is zero");
> > > + } else {
> > > + /* OLA = 1 - Load address field must match storage address of the component */
> > > + zipl_secure_validate(sclab->load_addr == comp_entry->addr, &comp_entry->cei,
> > > + S390_CEI_UNMATCHED_SCLAB_LOAD_ADDR,
> > > + "Load Address does not match with component load address");
> > > + }
> > > +
> > > + zipl_secure_validate(~sclab->flags & S390_SCLAB_NUC || sclab->flags & S390_SCLAB_OPSW,
> > > + &comp_entry->cei, S390_CEI_NUC_NOT_IN_GLOBAL_SCLAB,
> > > + "NUC bit is set, but not in the global SCLAB");
> > > +
> > > + zipl_secure_validate(~sclab->flags & S390_SCLAB_SC || sclab->flags & S390_SCLAB_OPSW,
> > > + &comp_entry->cei, S390_CEI_SC_NOT_IN_GLOBAL_SCLAB,
> > > + "SC bit is set, but not in the global SCLAB");
> > > +}
> > > +
> > > static int zipl_load_signature(ComponentEntry *entry, uint64_t sig)
> > > {
> > > if (entry->compdat.sig_info.format != DER_SIGNATURE_FORMAT) {
> > > @@ -268,6 +415,8 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
> > > uint8_t *tmp_buf;
> > > bool verified;
> > > bool signed_found = false;
> > > + bool sclab_found = false;
> > > + SclaBlock *global_sclab = NULL;
> > >
> > > if ((MAX_SIGNED_COMP * CERT_BUF_MAX_LEN) > (CERT_BUF_SIZE)) {
> > > panic("Not enough memory to store certificates");
> > > @@ -308,6 +457,10 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
> > >
> > > /* no signature present (unsigned component) */
> > > if (!sig_entry.len) {
> > > + zipl_secure_validate(comp_entry.addr >= S390_UNSIGNED_MIN_ADDR,
> > > + &comp_entry.cei, S390_CEI_INVALID_UNSIGNED_ADDR,
> > > + "Load address for unsigned component is less than 0x2000");
> > > +
> > > comp_list_add(comp_list, comp_entry);
> > > break;
> > > }
> > > @@ -319,6 +472,9 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
> > > comp_entry.flags = S390_IPL_DEV_COMP_FLAG_SC;
> > > signed_found = true;
> > >
> > > + check_sclab(&global_sclab, &comp_entry, &comp_list->ipl_info_header);
> > > + sclab_found |= !(comp_entry.cei & S390_CEI_INVALID_SCLAB);
> > > +
> > > cert_entry = (IplSignatureCertificateEntry) { 0 };
> > > verified = verify_signature(comp_entry, sig_entry,
> > > &cert_entry.len, &cert_table_idx);
> > > @@ -364,9 +520,17 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
> > > }
> > > }
> > >
> > > - if (!signed_found) {
> > > - zipl_secure_error("Secure boot is on, but components are not signed");
> > > - }
> > > + zipl_secure_validate(signed_found, &comp_list->ipl_info_header.iiei,
> > > + S390_IIEI_NO_SIGNED_COMP,
> > > + "Secure boot is on, but components are not signed");
> > > +
> > > + zipl_secure_validate(sclab_found, &comp_list->ipl_info_header.iiei,
> > > + S390_IIEI_NO_SCLAB, "No recognizable SCLAB");
> > > +
> > > + comp_entry = (IplDeviceComponentEntry){ 0 };
> > > + comp_entry.addr = entry->compdat.load_psw;
> > > + check_global_sclab(global_sclab, &comp_entry, comp_list);
> > > + comp_list_add(comp_list, comp_entry);
> >
> > Do we actually need to add an (empty) entry when global_sclab wasn't found?
> >
>
> I think we should still add this entry even when global_sclab is not
> found, since the comp_entry would still contain the PSW value from the
> EXEC entry.
Works for me. Thanks!
>
> > >
> > > *entry_ptr = entry;
> > > free((void *)sig_entry.addr);
> > > diff --git a/pc-bios/s390-ccw/secure-ipl.h b/pc-bios/s390-ccw/secure-ipl.h
> > > index 1b1287858b..1bacb4987a 100644
> > > --- a/pc-bios/s390-ccw/secure-ipl.h
> > > +++ b/pc-bios/s390-ccw/secure-ipl.h
> > > @@ -27,6 +27,33 @@ int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec,
> > > IplSignatureCertificateList *cert_list,
> > > uint8_t **tmp_cert_buf);
> > >
> > > +#define S390_SCLAB_OPSW 0x8000 /* override PSW flag */
> > > +#define S390_SCLAB_OLA 0x4000 /* override load address flag */
> > > +#define S390_SCLAB_NUC 0x2000 /* no unsigned components flag */
> > > +#define S390_SCLAB_SC 0x1000 /* single component flag */
> > > +
> > > +#define S390_SCLAB_MIN_LEN 32
> > > +#define S390_UNSIGNED_MIN_ADDR 0x2000
> > > +
> > > +/* Secure Code Loading Attributes Block */
> > > +struct SclaBlock {
> > > + uint8_t format;
> > > + uint8_t reserved1;
> > > + uint16_t flags;
> > > + uint8_t reserved2[4];
> > > + uint64_t load_psw;
> > > + uint64_t load_addr;
> > > + uint64_t reserved3[];
> > > +} __attribute__ ((packed));
> > > +typedef struct SclaBlock SclaBlock;
> > > +
> > > +struct SclabOriginLocator {
> > > + uint8_t reserved[2];
> > > + uint16_t len;
> > > + uint8_t magic[4];
> > > +} __attribute__ ((packed));
> > > +typedef struct SclabOriginLocator SclabOriginLocator;
> > > +
> > > static inline void zipl_secure_error(const char *message)
> > > {
> > > switch (boot_mode) {
> > > @@ -38,6 +65,30 @@ static inline void zipl_secure_error(const char *message)
> > > }
> > > }
> > >
> > > +static inline void zipl_secure_validate_u16(bool condition, uint16_t *flags,
> > > + uint16_t flag, const char *message)
> > > +{
> > > + if (!condition) {
> > > + *flags |= flag;
> > > + zipl_secure_error(message);
> > > + }
> > > +}
> > > +
> > > +static inline void zipl_secure_validate_u32(bool condition, uint32_t *flags,
> > > + uint32_t flag, const char *message)
> > > +{
> > > + if (!condition) {
> > > + *flags |= flag;
> > > + zipl_secure_error(message);
> > > + }
> > > +}
> > > +
> > > +#define zipl_secure_validate(condition, flags, flag, message) \
> > > + _Generic((flags), \
> > > + uint16_t * : zipl_secure_validate_u16, \
> > > + uint32_t * : zipl_secure_validate_u32 \
> > > + )(condition, flags, flag, message)
> > > +
> > > static inline uint64_t _diag320(void *data, unsigned long subcode)
> > > {
> > > register unsigned long addr asm("0") = (unsigned long)data;
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 27/35] Add secure-boot to s390-ccw-virtio machine type option
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (25 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 26/35] pc-bios/s390-ccw: Add additional security checks for secure boot Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-01 20:49 ` [PATCH v12 28/35] hw/s390x/ipl: Set IPIB flags for secure IPL Zhuoying Cai
` (7 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Add secure-boot as a parameter of s390-ccw-virtio machine type option.
The `secure-boot=on|off` parameter is implemented to enable secure IPL.
By default, secure-boot is set to false if not specified in
the command line.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
---
docs/system/s390x/secure-ipl.rst | 22 +++++++++++++++++-----
hw/s390x/s390-virtio-ccw.c | 22 ++++++++++++++++++++++
include/hw/s390x/s390-virtio-ccw.h | 1 +
qemu-options.hx | 6 +++++-
4 files changed, 45 insertions(+), 6 deletions(-)
diff --git a/docs/system/s390x/secure-ipl.rst b/docs/system/s390x/secure-ipl.rst
index cf6ccf5d57..9e3955f8fc 100644
--- a/docs/system/s390x/secure-ipl.rst
+++ b/docs/system/s390x/secure-ipl.rst
@@ -19,20 +19,32 @@ Note: certificate files must have a .pem extension.
qemu-system-s390x -machine s390-ccw-virtio,boot-certs.0.path=/.../qemu/certs,boot-certs.1.path=/another/path/cert.pem ...
+Enabling Secure IPL
+^^^^^^^^^^^^^^^^^^^
+
+Secure IPL is enabled by explicitly setting ``secure-boot=on``; if not
+specified, secure boot is considered off.
+
+.. code-block:: shell
+
+ qemu-system-s390x -machine s390-ccw-virtio,secure-boot=on|off
+
IPL Modes
---------
Multiple IPL modes are available to differentiate between the various IPL
-configurations. These modes are mutually exclusive and enabled based on the
-``boot-certs`` option on the QEMU command line.
+configurations. These modes are mutually exclusive and enabled based on specific
+combinations of the ``secure-boot`` and ``boot-certs`` options on the QEMU
+command line.
Normal Mode
^^^^^^^^^^^
-The absence of certificates will attempt to IPL a guest without secure IPL
-operations. No checks are performed, and no warnings/errors are reported.
-This is the default mode.
+The absence of both certificates and the ``secure-boot`` option will attempt to
+IPL a guest without secure IPL operations. No checks are performed, and no
+warnings/errors are reported. This is the default mode, and can be explicitly
+enabled with ``secure-boot=off``.
Configuration:
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index b3c96ba35b..6d2e45c1a7 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -813,6 +813,21 @@ static void machine_set_boot_certs(Object *obj, Visitor *v, const char *name,
ms->boot_certs = cert_list;
}
+static inline bool machine_get_secure_boot(Object *obj, Error **errp)
+{
+ S390CcwMachineState *ms = S390_CCW_MACHINE(obj);
+
+ return ms->secure_boot;
+}
+
+static inline void machine_set_secure_boot(Object *obj, bool value,
+ Error **errp)
+{
+ S390CcwMachineState *ms = S390_CCW_MACHINE(obj);
+
+ ms->secure_boot = value;
+}
+
/*
* S390x-specific global compatibility properties.
*
@@ -886,6 +901,13 @@ static void ccw_machine_class_init(ObjectClass *oc, const void *data)
machine_get_boot_certs, machine_set_boot_certs, NULL, NULL);
object_class_property_set_description(oc, "boot-certs",
"provide paths to a directory and/or a certificate file for secure boot");
+
+ object_class_property_add_bool(oc, "secure-boot",
+ machine_get_secure_boot,
+ machine_set_secure_boot);
+ object_class_property_set_description(oc, "secure-boot",
+ "enable/disable secure boot");
+
}
static inline void s390_machine_initfn(Object *obj)
diff --git a/include/hw/s390x/s390-virtio-ccw.h b/include/hw/s390x/s390-virtio-ccw.h
index 5ad1ea2f24..93a4c0ccad 100644
--- a/include/hw/s390x/s390-virtio-ccw.h
+++ b/include/hw/s390x/s390-virtio-ccw.h
@@ -29,6 +29,7 @@ struct S390CcwMachineState {
bool aes_key_wrap;
bool dea_key_wrap;
bool pv;
+ bool secure_boot;
uint8_t loadparm[8];
uint64_t memory_limit;
uint64_t max_pagesize;
diff --git a/qemu-options.hx b/qemu-options.hx
index 83915bd7ef..d37fd8595c 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -47,7 +47,8 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
" cxl-fmw.0.targets.0=firsttarget,cxl-fmw.0.targets.1=secondtarget,cxl-fmw.0.size=size[,cxl-fmw.0.interleave-granularity=granularity]\n"
" sgx-epc.0.memdev=memid,sgx-epc.0.node=numaid\n"
" smp-cache.0.cache=cachename,smp-cache.0.topology=topologylevel\n"
- " boot-certs.0.path=/path/directory,boot-certs.1.path=/path/file provides paths to a directory and/or a certificate file\n",
+ " boot-certs.0.path=/path/directory,boot-certs.1.path=/path/file provides paths to a directory and/or a certificate file\n"
+ " secure-boot=on|off enable/disable secure boot (default=off) \n",
QEMU_ARCH_ALL)
SRST
``-machine [type=]name[,prop=value[,...]]``
@@ -218,6 +219,9 @@ SRST
``boot-certs.0.path=/path/directory,boot-certs.1.path=/path/file``
Provide paths to a directory and/or a certificate file on the host [s390x only].
+
+ ``secure-boot=on|off``
+ Enables or disables secure boot on s390-ccw guest. The default is off.
ERST
DEF("M", HAS_ARG, QEMU_OPTION_M,
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 28/35] hw/s390x/ipl: Set IPIB flags for secure IPL
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (26 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 27/35] Add secure-boot to s390-ccw-virtio machine type option Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 3:16 ` Jared Rossi
2026-07-01 20:49 ` [PATCH v12 29/35] pc-bios/s390-ccw: Handle true secure IPL mode Zhuoying Cai
` (6 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
If `-M secure-boot=on` is specified on the command line option, indicating
true secure IPL enabled, set Secure-IPL bit and IPL-Information-Report
bit on in IPIB Flags field, and trigger true secure IPL in the S390 BIOS.
Any error that occurs during true secure IPL will cause the IPL to
terminate.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
---
hw/s390x/ipl.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index 7734b6edc7..da826908c1 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -467,6 +467,11 @@ static bool s390_has_certificate(void)
return ipl->cert_store.count > 0;
}
+static bool s390_secure_boot_enabled(void)
+{
+ return S390_CCW_MACHINE(qdev_get_machine())->secure_boot;
+}
+
static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
{
CcwDevice *ccw_dev = NULL;
@@ -523,6 +528,18 @@ static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
s390_ipl_convert_loadparm((char *)lp, iplb->loadparm);
iplb->flags |= DIAG308_FLAGS_LP_VALID;
+ /*
+ * If secure-boot is enabled, then toggle the secure IPL flags to
+ * trigger secure boot in the s390 BIOS.
+ *
+ * Boot process will terminate if any error occurs during secure boot.
+ *
+ * If SIPL is on, IPLIR must also be on.
+ */
+ if (s390_secure_boot_enabled()) {
+ iplb->hdr_flags |= (DIAG308_IPIB_FLAGS_SIPL | DIAG308_IPIB_FLAGS_IPLIR);
+ iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
+ }
/*
* Secure boot in audit mode will perform
* if certificate(s) exist in the key store.
@@ -532,7 +549,7 @@ static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
*
* Results of secure boot will be stored in IIRB.
*/
- if (s390_has_certificate()) {
+ else if (s390_has_certificate()) {
iplb->hdr_flags |= DIAG308_IPIB_FLAGS_IPLIR;
iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
}
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 28/35] hw/s390x/ipl: Set IPIB flags for secure IPL
2026-07-01 20:49 ` [PATCH v12 28/35] hw/s390x/ipl: Set IPIB flags for secure IPL Zhuoying Cai
@ 2026-07-02 3:16 ` Jared Rossi
0 siblings, 0 replies; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 3:16 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:49 PM, Zhuoying Cai wrote:
> If `-M secure-boot=on` is specified on the command line option, indicating
> true secure IPL enabled, set Secure-IPL bit and IPL-Information-Report
> bit on in IPIB Flags field, and trigger true secure IPL in the S390 BIOS.
>
> Any error that occurs during true secure IPL will cause the IPL to
> terminate.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> Reviewed-by: Thomas Huth <thuth@redhat.com>
> Reviewed-by: Collin Walling <walling@linux.ibm.com>
> ---
> hw/s390x/ipl.c | 19 ++++++++++++++++++-
> 1 file changed, 18 insertions(+), 1 deletion(-)
>
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index 7734b6edc7..da826908c1 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -467,6 +467,11 @@ static bool s390_has_certificate(void)
> return ipl->cert_store.count > 0;
> }
>
> +static bool s390_secure_boot_enabled(void)
> +{
> + return S390_CCW_MACHINE(qdev_get_machine())->secure_boot;
> +}
> +
> static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
> {
> CcwDevice *ccw_dev = NULL;
> @@ -523,6 +528,18 @@ static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
> s390_ipl_convert_loadparm((char *)lp, iplb->loadparm);
> iplb->flags |= DIAG308_FLAGS_LP_VALID;
>
> + /*
> + * If secure-boot is enabled, then toggle the secure IPL flags to
> + * trigger secure boot in the s390 BIOS.
> + *
> + * Boot process will terminate if any error occurs during secure boot.
> + *
> + * If SIPL is on, IPLIR must also be on.
> + */
> + if (s390_secure_boot_enabled()) {
> + iplb->hdr_flags |= (DIAG308_IPIB_FLAGS_SIPL | DIAG308_IPIB_FLAGS_IPLIR);
> + iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
> + }
> /*
> * Secure boot in audit mode will perform
> * if certificate(s) exist in the key store.
> @@ -532,7 +549,7 @@ static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
> *
> * Results of secure boot will be stored in IIRB.
> */
> - if (s390_has_certificate()) {
> + else if (s390_has_certificate()) {
> iplb->hdr_flags |= DIAG308_IPIB_FLAGS_IPLIR;
> iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
> }
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 29/35] pc-bios/s390-ccw: Handle true secure IPL mode
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (27 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 28/35] hw/s390x/ipl: Set IPIB flags for secure IPL Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-01 20:49 ` [PATCH v12 30/35] hw/s390x/ipl: Handle secure boot with multiple boot devices Zhuoying Cai
` (5 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
When secure boot is enabled (-secure-boot on) and certificate(s) are
provided, the boot operates in True Secure IPL mode.
Any verification error during True Secure IPL mode will cause the
entire boot process to terminate.
Secure IPL in audit mode requires at least one certificate provided in
the key store along with necessary facilities. If secure boot is enabled
but no certificate is provided, the boot process will also terminate, as
this is not a valid secure boot configuration.
Note: True Secure IPL mode is implemented for the SCSI scheme of
virtio-blk/virtio-scsi devices.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
---
docs/system/s390x/secure-ipl.rst | 13 +++++++++++++
pc-bios/s390-ccw/bootmap.c | 6 +++++-
pc-bios/s390-ccw/main.c | 7 ++++++-
pc-bios/s390-ccw/s390-ccw.h | 1 +
pc-bios/s390-ccw/secure-ipl.h | 3 +++
5 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/docs/system/s390x/secure-ipl.rst b/docs/system/s390x/secure-ipl.rst
index 9e3955f8fc..c8fb887ac0 100644
--- a/docs/system/s390x/secure-ipl.rst
+++ b/docs/system/s390x/secure-ipl.rst
@@ -66,3 +66,16 @@ Configuration:
.. code-block:: shell
qemu-system-s390x -machine s390-ccw-virtio,boot-certs.0.path=/.../qemu/certs,boot-certs.1.path=/another/path/cert.pem ...
+
+Secure Mode
+^^^^^^^^^^^
+
+When the ``secure-boot=on`` option is set and certificates are provided,
+a secure boot is performed with error reporting enabled. The boot process aborts
+if any error occurs.
+
+Configuration:
+
+.. code-block:: shell
+
+ qemu-system-s390x -machine s390-ccw-virtio,secure-boot=on,boot-certs.0.path=/.../qemu/certs,boot-certs.1.path=/another/path/cert.pem ...
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index 1147124bd7..cbfbbfe35c 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -742,6 +742,7 @@ static int zipl_run(ScsiBlockPtr *pte)
case ZIPL_BOOT_MODE_NORMAL:
rc = zipl_run_normal(&entry, tmp_sec);
break;
+ case ZIPL_BOOT_MODE_SECURE:
case ZIPL_BOOT_MODE_SECURE_AUDIT:
rc = zipl_run_secure(&entry, tmp_sec, &comp_list, &cert_list, &tmp_cert_buf);
break;
@@ -761,7 +762,8 @@ static int zipl_run(ScsiBlockPtr *pte)
/* should not return */
write_reset_psw(entry->compdat.load_psw);
- if (boot_mode == ZIPL_BOOT_MODE_SECURE_AUDIT) {
+ if (boot_mode == ZIPL_BOOT_MODE_SECURE ||
+ boot_mode == ZIPL_BOOT_MODE_SECURE_AUDIT) {
update_cert_list(&cert_list);
update_iirb(&comp_list, &cert_list);
free(tmp_cert_buf);
@@ -1129,6 +1131,8 @@ ZiplBootMode get_boot_mode(uint8_t hdr_flags)
if (!sipl_set && iplir_set) {
return ZIPL_BOOT_MODE_SECURE_AUDIT;
+ } else if (sipl_set && iplir_set) {
+ return ZIPL_BOOT_MODE_SECURE;
}
return ZIPL_BOOT_MODE_NORMAL;
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index 7484429c9a..687946c471 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -399,15 +399,20 @@ void main(void)
boot_mode = get_boot_mode(iplb->hdr_flags);
switch (boot_mode) {
+ case ZIPL_BOOT_MODE_SECURE:
case ZIPL_BOOT_MODE_SECURE_AUDIT:
if (!secure_ipl_supported()) {
- panic("Unable to boot in audit mode");
+ panic("Unable to boot in secure/audit mode");
}
vcssb_len = zipl_secure_get_vcssb();
if (vcssb_len == 0) {
panic("Failed to query certificate storage information!");
}
+
+ if (vcssb_len == VCSSB_NO_VC) {
+ panic("Need at least one certificate for secure boot!");
+ }
default:
break;
}
diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
index ca2737054d..0ea4810f1f 100644
--- a/pc-bios/s390-ccw/s390-ccw.h
+++ b/pc-bios/s390-ccw/s390-ccw.h
@@ -90,6 +90,7 @@ void zipl_load(void);
typedef enum ZiplBootMode {
ZIPL_BOOT_MODE_NORMAL = 0,
ZIPL_BOOT_MODE_SECURE_AUDIT = 1,
+ ZIPL_BOOT_MODE_SECURE = 2,
} ZiplBootMode;
extern ZiplBootMode boot_mode;
diff --git a/pc-bios/s390-ccw/secure-ipl.h b/pc-bios/s390-ccw/secure-ipl.h
index 1bacb4987a..da2e379ff3 100644
--- a/pc-bios/s390-ccw/secure-ipl.h
+++ b/pc-bios/s390-ccw/secure-ipl.h
@@ -60,6 +60,9 @@ static inline void zipl_secure_error(const char *message)
case ZIPL_BOOT_MODE_SECURE_AUDIT:
printf("AUDIT MODE WARNING: %s\n", message);
break;
+ case ZIPL_BOOT_MODE_SECURE:
+ panic(message);
+ break;
default:
break;
}
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 30/35] hw/s390x/ipl: Handle secure boot with multiple boot devices
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (28 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 29/35] pc-bios/s390-ccw: Handle true secure IPL mode Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-01 20:49 ` [PATCH v12 31/35] hw/s390x/ipl: Handle secure boot without specifying a boot device Zhuoying Cai
` (4 subsequent siblings)
34 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
The current approach to enable secure boot relies on providing
secure-boot and boot-certs parameters of s390-ccw-virtio machine
type option, which apply to all boot devices.
With the possibility of multiple boot devices, secure boot expects all
provided devices to be supported and eligible (e.g.,
virtio-blk/virtio-scsi using the SCSI scheme).
If multiple boot devices are provided and include an unsupported (e.g.,
ECKD, VFIO) or a non-eligible (e.g., Net) device, the boot process will
terminate with an error logged to the console.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
hw/s390x/ipl.c | 89 +++++++++++++++++++++++++++++------------
pc-bios/s390-ccw/main.c | 3 --
2 files changed, 64 insertions(+), 28 deletions(-)
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index da826908c1..0d6a783d9f 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -472,6 +472,68 @@ static bool s390_secure_boot_enabled(void)
return S390_CCW_MACHINE(qdev_get_machine())->secure_boot;
}
+static bool s390_validate_secure_boot_device(int devtype, Error **errp)
+{
+ switch (devtype) {
+ case CCW_DEVTYPE_VFIO:
+ error_setg(errp, "Passthrough (vfio) CCW device does not support secure boot!");
+ return false;
+ case CCW_DEVTYPE_VIRTIO_NET:
+ error_setg(errp, "Virtio net boot device does not support secure boot!");
+ return false;
+ default:
+ return true;
+ }
+}
+
+static void s390_set_secure_boot_flags(IplParameterBlock *iplb,
+ bool secure_boot, bool audit_mode)
+{
+ if (!secure_boot && !audit_mode) {
+ return;
+ }
+
+ /*
+ * If secure-boot is enabled, then toggle the secure IPL flags (SIPL) to
+ * trigger secure boot in the s390 BIOS.
+ *
+ * Boot process will terminate if any error occurs during secure boot.
+ */
+ if (secure_boot) {
+ iplb->hdr_flags |= DIAG308_IPIB_FLAGS_SIPL;
+ }
+
+ /*
+ * For both secure boot and audit mode, enable the IPL Information
+ * Report (IPLIR) flag so that the firmware generates an IPL
+ * Information Report Block (IIRB).
+ *
+ * Results of secure boot will be stored in IIRB.
+ *
+ * Extend the IPL parameter block to its maximum length to ensure
+ * sufficient space for the BIOS to populate the IIRB.
+ */
+ iplb->hdr_flags |= DIAG308_IPIB_FLAGS_IPLIR;
+ iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
+}
+
+static void s390_apply_secure_boot(IplParameterBlock *iplb, int devtype,
+ bool secure_boot, bool audit_mode)
+{
+ Error *local_error = NULL;
+
+ if (!secure_boot && !audit_mode) {
+ return;
+ }
+
+ if (!s390_validate_secure_boot_device(devtype, &local_error)) {
+ error_report_err(local_error);
+ exit(1);
+ }
+
+ s390_set_secure_boot_flags(iplb, secure_boot, audit_mode);
+}
+
static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
{
CcwDevice *ccw_dev = NULL;
@@ -528,31 +590,8 @@ static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
s390_ipl_convert_loadparm((char *)lp, iplb->loadparm);
iplb->flags |= DIAG308_FLAGS_LP_VALID;
- /*
- * If secure-boot is enabled, then toggle the secure IPL flags to
- * trigger secure boot in the s390 BIOS.
- *
- * Boot process will terminate if any error occurs during secure boot.
- *
- * If SIPL is on, IPLIR must also be on.
- */
- if (s390_secure_boot_enabled()) {
- iplb->hdr_flags |= (DIAG308_IPIB_FLAGS_SIPL | DIAG308_IPIB_FLAGS_IPLIR);
- iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
- }
- /*
- * Secure boot in audit mode will perform
- * if certificate(s) exist in the key store.
- *
- * IPL Information Report Block (IIRB) will exist
- * for secure boot in audit mode.
- *
- * Results of secure boot will be stored in IIRB.
- */
- else if (s390_has_certificate()) {
- iplb->hdr_flags |= DIAG308_IPIB_FLAGS_IPLIR;
- iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
- }
+ s390_apply_secure_boot(iplb, devtype, s390_secure_boot_enabled(),
+ s390_has_certificate());
return true;
}
diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index 687946c471..3eccdf1c99 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -305,9 +305,6 @@ static void ipl_ccw_device(void)
switch (cutype) {
case CU_TYPE_DASD_3990:
case CU_TYPE_DASD_2107:
- IPL_assert((boot_mode == ZIPL_BOOT_MODE_NORMAL),
- "Passthrough (vfio) CCW device does not support secure boot!");
-
dasd_ipl(blk_schid, cutype);
break;
case CU_TYPE_VIRTIO:
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* [PATCH v12 31/35] hw/s390x/ipl: Handle secure boot without specifying a boot device
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (29 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 30/35] hw/s390x/ipl: Handle secure boot with multiple boot devices Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 3:28 ` Jared Rossi
2026-07-01 20:49 ` [PATCH v12 32/35] s390x/ipl: re-apply secure boot flags on DIAG 308 reboot Zhuoying Cai
` (3 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
If secure boot in audit mode or True Secure IPL mode is enabled without
specifying a boot device, the boot process will terminate with an error.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
hw/s390x/ipl.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index 0d6a783d9f..f4e01b6918 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -865,6 +865,16 @@ void s390_ipl_prepare_cpu(S390CPU *cpu)
cpu->env.psw.addr = ipl->bios_start_addr;
if (!ipl->iplb_valid) {
ipl->iplb_valid = s390_init_all_iplbs(ipl);
+
+ /*
+ * Secure IPL without specifying a boot device.
+ * IPLB is not generated if no boot device is defined.
+ */
+ if ((s390_has_certificate() || s390_secure_boot_enabled()) &&
+ !ipl->iplb_valid) {
+ error_report("No boot device defined for Secure IPL");
+ exit(1);
+ }
} else {
ipl->qipl.chain_len = 0;
}
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 31/35] hw/s390x/ipl: Handle secure boot without specifying a boot device
2026-07-01 20:49 ` [PATCH v12 31/35] hw/s390x/ipl: Handle secure boot without specifying a boot device Zhuoying Cai
@ 2026-07-02 3:28 ` Jared Rossi
2026-07-02 21:15 ` Zhuoying Cai
0 siblings, 1 reply; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 3:28 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:49 PM, Zhuoying Cai wrote:
> If secure boot in audit mode or True Secure IPL mode is enabled without
> specifying a boot device, the boot process will terminate with an error.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> Reviewed-by: Thomas Huth <thuth@redhat.com>
> ---
> hw/s390x/ipl.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index 0d6a783d9f..f4e01b6918 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -865,6 +865,16 @@ void s390_ipl_prepare_cpu(S390CPU *cpu)
> cpu->env.psw.addr = ipl->bios_start_addr;
> if (!ipl->iplb_valid) {
> ipl->iplb_valid = s390_init_all_iplbs(ipl);
> +
> + /*
> + * Secure IPL without specifying a boot device.
> + * IPLB is not generated if no boot device is defined.
> + */
> + if ((s390_has_certificate() || s390_secure_boot_enabled()) &&
> + !ipl->iplb_valid) {
> + error_report("No boot device defined for Secure IPL");
> + exit(1);
> + }
> } else {
> ipl->qipl.chain_len = 0;
> }
I think this check should be introduced quite a bit earlier in the
series when audit mode is first added. Audit mode should give a warning
and continue, then this strict enforcement could be added with true
secure IPL mode.
Regards,
Jared Rossi
^ permalink raw reply [flat|nested] 71+ messages in thread* Re: [PATCH v12 31/35] hw/s390x/ipl: Handle secure boot without specifying a boot device
2026-07-02 3:28 ` Jared Rossi
@ 2026-07-02 21:15 ` Zhuoying Cai
0 siblings, 0 replies; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-02 21:15 UTC (permalink / raw)
To: Jared Rossi, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
Thanks for the feedback!
On 7/1/26 11:28 PM, Jared Rossi wrote:
>
>
> On 7/1/26 4:49 PM, Zhuoying Cai wrote:
>> If secure boot in audit mode or True Secure IPL mode is enabled without
>> specifying a boot device, the boot process will terminate with an error.
>>
>> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>> ---
>> hw/s390x/ipl.c | 10 ++++++++++
>> 1 file changed, 10 insertions(+)
>>
>> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
>> index 0d6a783d9f..f4e01b6918 100644
>> --- a/hw/s390x/ipl.c
>> +++ b/hw/s390x/ipl.c
>> @@ -865,6 +865,16 @@ void s390_ipl_prepare_cpu(S390CPU *cpu)
>> cpu->env.psw.addr = ipl->bios_start_addr;
>> if (!ipl->iplb_valid) {
>> ipl->iplb_valid = s390_init_all_iplbs(ipl);
>> +
>> + /*
>> + * Secure IPL without specifying a boot device.
>> + * IPLB is not generated if no boot device is defined.
>> + */
>> + if ((s390_has_certificate() || s390_secure_boot_enabled()) &&
>> + !ipl->iplb_valid) {
>> + error_report("No boot device defined for Secure IPL");
>> + exit(1);
>> + }
>> } else {
>> ipl->qipl.chain_len = 0;
>> }
>
> I think this check should be introduced quite a bit earlier in the
> series when audit mode is first added. Audit mode should give a warning
> and continue, then this strict enforcement could be added with true
> secure IPL mode.
>
Sure, I can move it earlier. However, my understanding is that we should
always exit when no boot device is specified, regardless of whether
we're in audit or secure mode. For example, if multiple boot devices are
specified, we would verify the current boot device and terminate
immediately if it's unsupported in either mode. Based on that, it seems
that having no valid boot device should also be a hard-stop condition.
Please let me know what you think. Thanks!
> Regards,
> Jared Rossi
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 32/35] s390x/ipl: re-apply secure boot flags on DIAG 308 reboot
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (30 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 31/35] hw/s390x/ipl: Handle secure boot without specifying a boot device Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 3:47 ` Jared Rossi
2026-07-01 20:49 ` [PATCH v12 33/35] tests/functional/s390x: Add secure IPL functional test Zhuoying Cai
` (2 subsequent siblings)
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
The Linux kernel does not preserve hdr_flags in the IPLB across a
reboot, causing secure IPL flags to be lost on re-IPL.
Set secure IPL flasg from s390_ipl_update_diag308() to restore the
flags from the current machine configuration. Device validation is
skipped here as it was already enforced during initial boot.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
hw/s390x/ipl.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index f4e01b6918..f970b34126 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -737,6 +737,14 @@ void s390_ipl_update_diag308(IplParameterBlock *iplb)
} else {
ipl->iplb = *iplb;
ipl->iplb_valid = true;
+
+ /*
+ * The kernel does not preserve secure boot flags across a reboot.
+ * Re-apply them here based on the current machine configuration.
+ */
+ s390_set_secure_boot_flags(&ipl->iplb,
+ s390_secure_boot_enabled(),
+ s390_has_certificate());
}
update_machine_ipl_properties(iplb);
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 32/35] s390x/ipl: re-apply secure boot flags on DIAG 308 reboot
2026-07-01 20:49 ` [PATCH v12 32/35] s390x/ipl: re-apply secure boot flags on DIAG 308 reboot Zhuoying Cai
@ 2026-07-02 3:47 ` Jared Rossi
2026-07-02 17:25 ` Jason J. Herne
0 siblings, 1 reply; 71+ messages in thread
From: Jared Rossi @ 2026-07-02 3:47 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, jjherne,
pasic, borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:49 PM, Zhuoying Cai wrote:
> The Linux kernel does not preserve hdr_flags in the IPLB across a
> reboot, causing secure IPL flags to be lost on re-IPL.
>
> Set secure IPL flasg from s390_ipl_update_diag308() to restore the
s/flasg/flags
> flags from the current machine configuration. Device validation is
> skipped here as it was already enforced during initial boot.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> hw/s390x/ipl.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index f4e01b6918..f970b34126 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -737,6 +737,14 @@ void s390_ipl_update_diag308(IplParameterBlock *iplb)
> } else {
> ipl->iplb = *iplb;
> ipl->iplb_valid = true;
> +
> + /*
> + * The kernel does not preserve secure boot flags across a reboot.
> + * Re-apply them here based on the current machine configuration.
> + */
> + s390_set_secure_boot_flags(&ipl->iplb,
> + s390_secure_boot_enabled(),
> + s390_has_certificate());
> }
>
> update_machine_ipl_properties(iplb);
Can this be included with the initial implementation of true secure IPL,
or maybe even earlier with audit? I can't imagine any scenario where
secure IPL is intended to be cleared on reboot, so adding this as a
later feature doesn't seem to make sense.
Regards,
Jared Rossi
^ permalink raw reply [flat|nested] 71+ messages in thread* Re: [PATCH v12 32/35] s390x/ipl: re-apply secure boot flags on DIAG 308 reboot
2026-07-02 3:47 ` Jared Rossi
@ 2026-07-02 17:25 ` Jason J. Herne
0 siblings, 0 replies; 71+ messages in thread
From: Jason J. Herne @ 2026-07-02 17:25 UTC (permalink / raw)
To: Jared Rossi, Zhuoying Cai, qemu-s390x, qemu-devel
Cc: cohuck, berrange, richard.henderson, david, walling, pasic,
borntraeger, farman, mjrosato, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 11:47 PM, Jared Rossi wrote:
>
>
> On 7/1/26 4:49 PM, Zhuoying Cai wrote:
>> The Linux kernel does not preserve hdr_flags in the IPLB across a
>> reboot, causing secure IPL flags to be lost on re-IPL.
>>
>> Set secure IPL flasg from s390_ipl_update_diag308() to restore the
> s/flasg/flags
>
>> flags from the current machine configuration. Device validation is
>> skipped here as it was already enforced during initial boot.
>>
>> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
>> ---
>> hw/s390x/ipl.c | 8 ++++++++
>> 1 file changed, 8 insertions(+)
>>
>> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
>> index f4e01b6918..f970b34126 100644
>> --- a/hw/s390x/ipl.c
>> +++ b/hw/s390x/ipl.c
>> @@ -737,6 +737,14 @@ void s390_ipl_update_diag308(IplParameterBlock
>> *iplb)
>> } else {
>> ipl->iplb = *iplb;
>> ipl->iplb_valid = true;
>> +
>> + /*
>> + * The kernel does not preserve secure boot flags across a
>> reboot.
>> + * Re-apply them here based on the current machine
>> configuration.
>> + */
>> + s390_set_secure_boot_flags(&ipl->iplb,
>> + s390_secure_boot_enabled(),
>> + s390_has_certificate());
>> }
>> update_machine_ipl_properties(iplb);
> Can this be included with the initial implementation of true secure IPL,
> or maybe even earlier with audit? I can't imagine any scenario where
> secure IPL is intended to be cleared on reboot, so adding this as a
> later feature doesn't seem to make sense.
I agree, this should be folded into an earlier patch, wherever it makes
most sense. Unless I am missing something? Everything else here lgtm. If
there is some reason this needs to stay separate, I'd provide my Rb.
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 33/35] tests/functional/s390x: Add secure IPL functional test
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (31 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 32/35] s390x/ipl: re-apply secure boot flags on DIAG 308 reboot Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 1:48 ` Matthew Rosato
2026-07-01 20:49 ` [PATCH v12 34/35] docs/specs: Add secure IPL documentation Zhuoying Cai
2026-07-01 20:49 ` [PATCH v12 35/35] docs/system/s390x: " Zhuoying Cai
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Add functional test for secure IPL.
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
tests/functional/s390x/meson.build | 2 +
tests/functional/s390x/test_secure_ipl.py | 172 ++++++++++++++++++++++
2 files changed, 174 insertions(+)
create mode 100755 tests/functional/s390x/test_secure_ipl.py
diff --git a/tests/functional/s390x/meson.build b/tests/functional/s390x/meson.build
index b065b666bc..16da5f0054 100644
--- a/tests/functional/s390x/meson.build
+++ b/tests/functional/s390x/meson.build
@@ -2,6 +2,7 @@
test_s390x_timeouts = {
'ccw_virtio' : 420,
+ 'secure_ipl' : 360,
}
tests_s390x_system_quick = [
@@ -14,6 +15,7 @@ tests_s390x_system_thorough = [
'ccw_virtio',
'pxelinux',
'replay',
+ 'secure_ipl',
'topology',
'tuxrun',
]
diff --git a/tests/functional/s390x/test_secure_ipl.py b/tests/functional/s390x/test_secure_ipl.py
new file mode 100755
index 0000000000..06fc93e404
--- /dev/null
+++ b/tests/functional/s390x/test_secure_ipl.py
@@ -0,0 +1,172 @@
+#!/usr/bin/env python3
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+"""
+s390x Secure IPL functional test.
+
+Validates s390x secure boot by preparing a signed guest image, booting with
+secure-boot enabled, and verifying cryptographic validation results.
+"""
+
+from subprocess import check_call, DEVNULL
+
+from qemu_test import QemuSystemTest, Asset, get_qemu_img
+from qemu_test import exec_command_and_wait_for_pattern, exec_command
+from qemu_test import wait_for_console_pattern, skipBigDataTest
+
+class S390xSecureIpl(QemuSystemTest):
+ """Test s390x Secure IPL (secure boot) functionality."""
+ ASSET_F40_QCOW2 = Asset(
+ ('https://archives.fedoraproject.org/pub/archive/'
+ 'fedora-secondary/releases/40/Server/s390x/images/'
+ 'Fedora-Server-KVM-40-1.14.s390x.qcow2'),
+ '091c232a7301be14e19c76ce9a0c1cbd2be2c4157884a731e1fc4f89e7455a5f')
+
+ def __init__(self, *args, **kwargs):
+ super().__init__(*args, **kwargs)
+ self.root_password = None
+ self.qcow2_path = None
+ self.cert_path = None
+ self.prompt = None
+
+ def _create_certificate(self, vm):
+ """Generate x509 certificate"""
+ exec_command_and_wait_for_pattern(self,
+ 'openssl version', 'OpenSSL 3.2.1 30',
+ vm=vm)
+ exec_command_and_wait_for_pattern(self,
+ 'openssl req -new -x509 -newkey rsa:2048 '
+ '-keyout mykey.pem -outform PEM -out mycert.pem '
+ '-days 36500 -subj "/CN=My Name/" -nodes -verbose',
+ 'Writing private key to \'mykey.pem\'', vm=vm)
+
+ def _sign_binaries(self, vm):
+ """Sign stage3 binary and kernel"""
+ # Install kernel-devel (needed for sign-file)
+ exec_command_and_wait_for_pattern(self,
+ 'sudo dnf install kernel-devel-$(uname -r) -y',
+ 'Complete!', vm=vm)
+ wait_for_console_pattern(self, self.prompt, vm=vm)
+ exec_command_and_wait_for_pattern(self,
+ 'ls /usr/src/kernels/$(uname -r)/scripts/',
+ 'sign-file', vm=vm)
+
+ # Sign stage3 binary and kernel
+ exec_command(self, '/usr/src/kernels/$(uname -r)/scripts/sign-file '
+ 'sha256 mykey.pem mycert.pem /lib/s390-tools/stage3.bin',
+ vm=vm)
+ wait_for_console_pattern(self, self.prompt, vm=vm)
+ exec_command(self, '/usr/src/kernels/$(uname -r)/scripts/sign-file '
+ 'sha256 mykey.pem mycert.pem /boot/vmlinuz-$(uname -r)',
+ vm=vm)
+ wait_for_console_pattern(self, self.prompt, vm=vm)
+
+ def _run_zipl_secure(self, vm):
+ """Run zipl to prepare for secure boot"""
+ exec_command_and_wait_for_pattern(self, 'zipl --secure 1 -VV', 'Done.',
+ vm=vm)
+
+ def _extract_certificate(self, vm):
+ """Extract certificate from VM to host filesystem"""
+ out = exec_command_and_wait_for_pattern(self, 'cat mycert.pem',
+ '-----END CERTIFICATE-----',
+ vm=vm)
+ # strip first line to avoid console echo artifacts
+ cert = "\n".join(out.decode("utf-8").splitlines()[1:])
+ self.log.info("%s", cert)
+
+ self.cert_path = self.scratch_file("mycert.pem")
+
+ with open(self.cert_path, 'w', encoding="utf-8") as file_object:
+ file_object.write(cert)
+
+ def setup_s390x_secure_ipl(self):
+ """
+ Prepare a secure boot-enabled guest image.
+
+ Boots a temporary VM to generate a certificate, sign boot components
+ (stage3 and kernel), run zipl, and extract the certificate to host.
+ """
+ self.require_netdev('user')
+
+ temp_vm = self.get_vm(name='sipl_setup')
+ temp_vm.set_machine('s390-ccw-virtio')
+
+ asset_path = self.ASSET_F40_QCOW2.fetch()
+ self.qcow2_path = self.scratch_file('f40.qcow2')
+ qemu_img = get_qemu_img(self)
+ check_call([qemu_img, 'create', '-f', 'qcow2', '-b', asset_path,
+ '-F', 'qcow2', self.qcow2_path], stdout=DEVNULL, stderr=DEVNULL)
+
+ temp_vm.set_console()
+ temp_vm.add_args('-nographic',
+ '-accel', 'kvm',
+ '-m', '1024',
+ '-drive',
+ f'id=drive0,if=none,format=qcow2,file={self.qcow2_path}',
+ '-device', 'virtio-blk-ccw,drive=drive0,bootindex=1')
+ temp_vm.launch()
+
+ # Initial root account setup (Fedora first boot screen)
+ self.root_password = 'fedora40password'
+ wait_for_console_pattern(self, 'Please make a selection from the above',
+ vm=temp_vm)
+ exec_command_and_wait_for_pattern(self, '4', 'Password:', vm=temp_vm)
+ exec_command_and_wait_for_pattern(self, self.root_password,
+ 'Password (confirm):', vm=temp_vm)
+ exec_command_and_wait_for_pattern(self, self.root_password,
+ 'Please make a selection from the above',
+ vm=temp_vm)
+
+ # Login as root
+ self.prompt = '[root@localhost ~]#'
+ exec_command_and_wait_for_pattern(self, 'c', 'localhost login:', vm=temp_vm)
+ exec_command_and_wait_for_pattern(self, 'root', 'Password:', vm=temp_vm)
+ exec_command_and_wait_for_pattern(self, self.root_password, self.prompt,
+ vm=temp_vm)
+
+ self._create_certificate(temp_vm)
+ self._sign_binaries(temp_vm)
+ self._run_zipl_secure(temp_vm)
+ self._extract_certificate(temp_vm)
+
+ # Shutdown temp vm
+ temp_vm.shutdown()
+
+ @skipBigDataTest()
+ def test_s390x_secure_ipl(self):
+ """
+ Verify secure boot validation during s390x guest boot.
+
+ Expects two "Verified component" messages and confirms
+ /sys/firmware/ipl/secure reports secure boot is active.
+ """
+ self.require_accelerator('kvm')
+ self.setup_s390x_secure_ipl()
+
+ self.set_machine('s390-ccw-virtio')
+
+ self.vm.set_console()
+ self.vm.add_args('-nographic',
+ '-machine', 's390-ccw-virtio,secure-boot=on,'
+ f'boot-certs.0.path={self.cert_path}',
+ '-accel', 'kvm',
+ '-m', '1024',
+ '-drive',
+ f'id=drive1,if=none,format=qcow2,file={self.qcow2_path}',
+ '-device', 'virtio-blk-ccw,drive=drive1,bootindex=1')
+ self.vm.launch()
+
+ # Expect two verified components
+ verified_output = "Verified component"
+ wait_for_console_pattern(self, verified_output)
+ wait_for_console_pattern(self, verified_output)
+
+ # Login and verify the vm is booted using secure boot
+ wait_for_console_pattern(self, 'localhost login:')
+ exec_command_and_wait_for_pattern(self, 'root', 'Password:')
+ exec_command_and_wait_for_pattern(self, self.root_password, self.prompt)
+ exec_command_and_wait_for_pattern(self, 'cat /sys/firmware/ipl/secure', '1')
+
+if __name__ == '__main__':
+ QemuSystemTest.main()
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 33/35] tests/functional/s390x: Add secure IPL functional test
2026-07-01 20:49 ` [PATCH v12 33/35] tests/functional/s390x: Add secure IPL functional test Zhuoying Cai
@ 2026-07-02 1:48 ` Matthew Rosato
2026-07-02 15:38 ` Zhuoying Cai
0 siblings, 1 reply; 71+ messages in thread
From: Matthew Rosato @ 2026-07-02 1:48 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:49 PM, Zhuoying Cai wrote:
> Add functional test for secure IPL.
Thanks for writing a test! I (accidentally) verified that it fails
without a s390-ccw.img that includes your changes + passes once your
changes are built.
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
But one question below, possibly a future enhancement...
[...]
> + @skipBigDataTest()
> + def test_s390x_secure_ipl(self):
> + """
> + Verify secure boot validation during s390x guest boot.
> +
> + Expects two "Verified component" messages and confirms
> + /sys/firmware/ipl/secure reports secure boot is active.
> + """
> + self.require_accelerator('kvm')
I thought this would work for tcg too? If so it would be nice to be
able to enable this test also for cross-platform testing w/ tcg..
Thanks,
Matt
^ permalink raw reply [flat|nested] 71+ messages in thread* Re: [PATCH v12 33/35] tests/functional/s390x: Add secure IPL functional test
2026-07-02 1:48 ` Matthew Rosato
@ 2026-07-02 15:38 ` Zhuoying Cai
2026-07-02 16:06 ` Matthew Rosato
0 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-02 15:38 UTC (permalink / raw)
To: Matthew Rosato, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 9:48 PM, Matthew Rosato wrote:
> On 7/1/26 4:49 PM, Zhuoying Cai wrote:
>> Add functional test for secure IPL.
>
> Thanks for writing a test! I (accidentally) verified that it fails
> without a s390-ccw.img that includes your changes + passes once your
> changes are built.
>
> Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
>
Thanks for the review!
> But one question below, possibly a future enhancement...
>
> [...]
>
>> + @skipBigDataTest()
>> + def test_s390x_secure_ipl(self):
>> + """
>> + Verify secure boot validation during s390x guest boot.
>> +
>> + Expects two "Verified component" messages and confirms
>> + /sys/firmware/ipl/secure reports secure boot is active.
>> + """
>> + self.require_accelerator('kvm')
>
> I thought this would work for tcg too? If so it would be nice to be
> able to enable this test also for cross-platform testing w/ tcg..
>
Yes, it works with tcg as well. I ran the test with tcg last night and
again this morning, and it passed both times. The main issue is that it
took about 3060 seconds to complete due to the relatively slow nature of
tcg and the amount of setup performed by the test.
We could enable the test for tcg and use tcg whenever kvm is not
available, but we would need to significantly increase the timeout
compared to the kvm case. I think something around 5000 seconds would be
reasonable to avoid unexpected timeout failures. If that sounds
acceptable, I can enable it in the next version.
(Interestingly, when I tried running this test with tcg a while ago, it
did not work because account initialization failed during setup and the
guest dropped into emergency mode
<https://lore.kernel.org/qemu-devel/7582a154-7f9f-4161-bf39-8d20930a1d27@linux.ibm.com/>.
It looks like something has changed since then, as the test now
completes successfully.)
> Thanks,
> Matt
>
^ permalink raw reply [flat|nested] 71+ messages in thread* Re: [PATCH v12 33/35] tests/functional/s390x: Add secure IPL functional test
2026-07-02 15:38 ` Zhuoying Cai
@ 2026-07-02 16:06 ` Matthew Rosato
0 siblings, 0 replies; 71+ messages in thread
From: Matthew Rosato @ 2026-07-02 16:06 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/2/26 11:38 AM, Zhuoying Cai wrote:
> On 7/1/26 9:48 PM, Matthew Rosato wrote:
>> On 7/1/26 4:49 PM, Zhuoying Cai wrote:
>>
>> I thought this would work for tcg too? If so it would be nice to be
>> able to enable this test also for cross-platform testing w/ tcg..
>>
>
> Yes, it works with tcg as well. I ran the test with tcg last night and
> again this morning, and it passed both times. The main issue is that it
> took about 3060 seconds to complete due to the relatively slow nature of
> tcg and the amount of setup performed by the test.
>
> We could enable the test for tcg and use tcg whenever kvm is not
> available, but we would need to significantly increase the timeout
> compared to the kvm case. I think something around 5000 seconds would be
> reasonable to avoid unexpected timeout failures. If that sounds
> acceptable, I can enable it in the next version.
Oof.
We could potentially control this with $QEMU_TEST_ALLOW_SLOW; but let's
leave it as is for now and consider incorporating tcg testing as a
follow-on.
Thanks,
Matt
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 34/35] docs/specs: Add secure IPL documentation
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (32 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 33/35] tests/functional/s390x: Add secure IPL functional test Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 2:54 ` Matthew Rosato
2026-07-01 20:49 ` [PATCH v12 35/35] docs/system/s390x: " Zhuoying Cai
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Add documentation for secure IPL
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
docs/specs/s390x-secure-ipl.rst | 55 +++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
index 0f92ff96b9..65a4b2f624 100644
--- a/docs/specs/s390x-secure-ipl.rst
+++ b/docs/specs/s390x-secure-ipl.rst
@@ -1,5 +1,60 @@
.. SPDX-License-Identifier: GPL-2.0-or-later
+s390 Secure IPL
+===============
+
+Secure IPL (a.k.a. secure boot) enables s390-ccw virtual machines to
+leverage qcrypto libraries and z/Architecture emulations to verify the
+integrity of signed kernels. The qcrypto libraries are used to perform
+certificate validation and signature-verification, whereas the
+z/Architecture emulations are used to ensure secure IPL data has not
+been tampered with, convey data between QEMU and guest code, and set up
+the relevant secure IPL data structures with verification results.
+
+To find out more about using this feature, see
+:doc:`documentation </system/s390x/secure-ipl>`.
+
+Note that "guest code" will refer to the s390-ccw BIOS unless stated
+otherwise.
+
+Both QEMU and guest code work in cooperation to perform secure IPL. The Secure
+Loading Attributes Facility (SCLAF) is used to check the Secure Code
+Loading Attribute Block (SCLAB) and ensure that secure IPL data has not
+been tampered with. DIAGNOSE 'X'320' is invoked by guest code to query
+the certificate store info and retrieve specific certificates from QEMU.
+DIAGNOSE 'X'508' is used by guest code to leverage qcrypto libraries to
+perform signature-verification in QEMU. Lastly, guest code generates and
+appends an IPL Information Report Block (IIRB) at the end of the IPL
+Parameter Block, which is used by the kernel to store signed and
+verified entries.
+
+The logical steps are as follows:
+
+- guest code reads data payload from disk (e.g. stage3 boot loader, kernel)
+- guest code checks the validity of the SCLAB
+- guest code invokes DIAG 508 subcode 1 and provides it the payload
+- QEMU handles DIAG 508 request by reading the payload and retrieving the
+ certificate store
+- QEMU DIAG 508 utilizes qcrypto libraries to perform signature-verification on
+ the payload, attempting with each cert in the store (until success or
+ exhausted)
+- QEMU DIAG 508 returns:
+
+ - success: index of cert used to verify payload
+ - failure: error code
+
+- guest code responds to this operation:
+
+ - success: retrieves cert from store via DIAG 320 using returned index
+ - failure: reports with warning (audit mode), aborts with error (secure mode)
+
+- guest code appends IIRB at the end of the IPLB
+- guest code kicks off IPL
+
+More information regarding the respective DIAGNOSE commands and IPL data
+structures are outlined within this document.
+
+
s390 Certificate Store and Functions
------------------------------------
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 34/35] docs/specs: Add secure IPL documentation
2026-07-01 20:49 ` [PATCH v12 34/35] docs/specs: Add secure IPL documentation Zhuoying Cai
@ 2026-07-02 2:54 ` Matthew Rosato
0 siblings, 0 replies; 71+ messages in thread
From: Matthew Rosato @ 2026-07-02 2:54 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:49 PM, Zhuoying Cai wrote:
> Add documentation for secure IPL
>
> Signed-off-by: Collin Walling <walling@linux.ibm.com>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
> docs/specs/s390x-secure-ipl.rst | 55 +++++++++++++++++++++++++++++++++
> 1 file changed, 55 insertions(+)
>
> diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
> index 0f92ff96b9..65a4b2f624 100644
> --- a/docs/specs/s390x-secure-ipl.rst
> +++ b/docs/specs/s390x-secure-ipl.rst
> @@ -1,5 +1,60 @@
> .. SPDX-License-Identifier: GPL-2.0-or-later
>
> +s390 Secure IPL
> +===============
> +
> +Secure IPL (a.k.a. secure boot) enables s390-ccw virtual machines to
> +leverage qcrypto libraries and z/Architecture emulations to verify the
s/emulations/emulation/ ?
> +integrity of signed kernels. The qcrypto libraries are used to perform
> +certificate validation and signature-verification, whereas the
> +z/Architecture emulations are used to ensure secure IPL data has not
emulation is used ?
> +been tampered with, convey data between QEMU and guest code, and set up
> +the relevant secure IPL data structures with verification results.
> +
> +To find out more about using this feature, see
> +:doc:`documentation </system/s390x/secure-ipl>`.
> +
> +Note that "guest code" will refer to the s390-ccw BIOS unless stated
> +otherwise.
> +
> +Both QEMU and guest code work in cooperation to perform secure IPL. The Secure
> +Loading Attributes Facility (SCLAF) is used to check the Secure Code
Secure 'Code' Loading Attributes Facility ?
> +Loading Attribute Block (SCLAB) and ensure that secure IPL data has not
> +been tampered with. DIAGNOSE 'X'320' is invoked by guest code to query
> +the certificate store info and retrieve specific certificates from QEMU.
> +DIAGNOSE 'X'508' is used by guest code to leverage qcrypto libraries to
> +perform signature-verification in QEMU. Lastly, guest code generates and
> +appends an IPL Information Report Block (IIRB) at the end of the IPL
> +Parameter Block, which is used by the kernel to store signed and
IPL Parameter Block (IPLB) ?
> +verified entries.
> +
> +The logical steps are as follows:
> +
> +- guest code reads data payload from disk (e.g. stage3 boot loader, kernel)
> +- guest code checks the validity of the SCLAB
> +- guest code invokes DIAG 508 subcode 1 and provides it the payload
drop the word 'it'
> +- QEMU handles DIAG 508 request by reading the payload and retrieving the
> + certificate store
> +- QEMU DIAG 508 utilizes qcrypto libraries to perform signature-verification on
'QEMU DIAG 508 handler'
> + the payload, attempting with each cert in the store (until success or
> + exhausted)
> +- QEMU DIAG 508 returns:
> +
> + - success: index of cert used to verify payload
> + - failure: error code
> +
> +- guest code responds to this operation:
QEMU can't control what the guest will do. Maybe better to say
something like...
'guest code is expected to respond to this operation by:'
With those changes (please remember to stay within 80 columns):
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
> +
> + - success: retrieves cert from store via DIAG 320 using returned index
> + - failure: reports with warning (audit mode), aborts with error (secure mode)
> +
> +- guest code appends IIRB at the end of the IPLB
> +- guest code kicks off IPL
> +
> +More information regarding the respective DIAGNOSE commands and IPL data
> +structures are outlined within this document.
> +
> +
> s390 Certificate Store and Functions
> ------------------------------------
>
^ permalink raw reply [flat|nested] 71+ messages in thread
* [PATCH v12 35/35] docs/system/s390x: Add secure IPL documentation
2026-07-01 20:48 [PATCH v12 00/35] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices Zhuoying Cai
` (33 preceding siblings ...)
2026-07-01 20:49 ` [PATCH v12 34/35] docs/specs: Add secure IPL documentation Zhuoying Cai
@ 2026-07-01 20:49 ` Zhuoying Cai
2026-07-02 3:06 ` Matthew Rosato
34 siblings, 1 reply; 71+ messages in thread
From: Zhuoying Cai @ 2026-07-01 20:49 UTC (permalink / raw)
To: qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, mjrosato, iii, eblake,
armbru, zycai, alifm, brueckner, pierrick.bouvier, jdaley
Add documentation for secure IPL
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
Reviewed-by: Joshua Daley <jdaley@linux.ibm.com>
---
docs/system/s390x/secure-ipl.rst | 103 +++++++++++++++++++++++++++++++
1 file changed, 103 insertions(+)
diff --git a/docs/system/s390x/secure-ipl.rst b/docs/system/s390x/secure-ipl.rst
index c8fb887ac0..91c9c4be11 100644
--- a/docs/system/s390x/secure-ipl.rst
+++ b/docs/system/s390x/secure-ipl.rst
@@ -1,5 +1,22 @@
.. SPDX-License-Identifier: GPL-2.0-or-later
+s390 Secure IPL
+===============
+
+Secure IPL, also known as secure boot, enables s390-ccw virtual machines to
+verify the integrity of guest kernels.
+
+For technical details of this feature, see the
+:doc:`specs document </specs/s390x-secure-ipl>`.
+
+This document explains how to use secure IPL with s390x in QEMU. It covers
+the command line options for providing certificates and enabling secure IPL,
+the different IPL modes (Normal, Audit, and Secure), and system requirements.
+
+A quickstart guide is provided to demonstrate how to generate certificates,
+sign images, and start a guest in Secure Mode.
+
+
Secure IPL Command Line Options
-------------------------------
@@ -79,3 +96,89 @@ Configuration:
.. code-block:: shell
qemu-system-s390x -machine s390-ccw-virtio,secure-boot=on,boot-certs.0.path=/.../qemu/certs,boot-certs.1.path=/another/path/cert.pem ...
+
+
+Constraints
+-----------
+
+The following constraints apply when attempting to boot an s390x guest in secure
+mode:
+
+- z16 or "qemu" CPU model
+- certificates must be in X.509 PEM format
+- only support for SCSI scheme of virtio-blk/virtio-scsi devices
+- a boot device must be specified
+- any unsupported devices (e.g., ECKD and VFIO) or non-eligible devices (e.g.,
+ network) will cause the entire boot process terminating early with an error
+ logged to the console.
+
+
+Secure IPL Quickstart
+---------------------
+
+Build QEMU with gnutls enabled
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: shell
+
+ ./configure … --enable-gnutls
+
+Generate certificate (e.g. via certtool)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+A private key is required before generating a certificate. This key must be kept
+secure and confidential.
+
+Use an RSA private key for signing.
+
+.. code-block:: shell
+
+ certtool --generate-privkey > key.pem
+
+A self-signed certificate requires the organization name. Use the ``cert.info``
+template to pre-fill values and avoid interactive prompts from certtool.
+
+.. code-block:: shell
+
+ cat > cert.info <<EOF
+ cn = "My Name"
+ expiration_days = 36500
+ cert_signing_key
+ EOF
+
+ certtool --generate-self-signed \
+ --load-privkey key.pem \
+ --template cert.info \
+ --hash=SHA256 \
+ --outfile cert.pem
+
+Sign Images (e.g. via sign-file)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- signing must be performed on a guest filesystem
+- sign-file script used in the example below is located within the kernel source
+ repo
+
+.. code-block:: shell
+
+ ./sign-file sha256 key.pem cert.pem /boot/vmlinuz-…
+ ./sign-file sha256 key.pem cert.pem /usr/lib/s390-tools/stage3.bin
+
+Note: re-signing a component will not verify correctly; the existing signature
+must be stripped before a new one is applied.
+
+Run zipl with secure boot enabled
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- zipl must be performed on a guest filesystem
+
+.. code-block:: shell
+
+ zipl --secure 1 -V
+
+Command line options for starting the guest
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: shell
+
+ qemu-system-s390x -machine s390-ccw-virtio,secure-boot=on,boot-certs.0.path=cert.pem ...
--
2.54.0
^ permalink raw reply related [flat|nested] 71+ messages in thread* Re: [PATCH v12 35/35] docs/system/s390x: Add secure IPL documentation
2026-07-01 20:49 ` [PATCH v12 35/35] docs/system/s390x: " Zhuoying Cai
@ 2026-07-02 3:06 ` Matthew Rosato
0 siblings, 0 replies; 71+ messages in thread
From: Matthew Rosato @ 2026-07-02 3:06 UTC (permalink / raw)
To: Zhuoying Cai, qemu-s390x, qemu-devel
Cc: jrossi, cohuck, berrange, richard.henderson, david, walling,
jjherne, pasic, borntraeger, farman, iii, eblake, armbru, alifm,
brueckner, pierrick.bouvier, jdaley
On 7/1/26 4:49 PM, Zhuoying Cai wrote:
> Add documentation for secure IPL
>
> Signed-off-by: Collin Walling <walling@linux.ibm.com>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> Reviewed-by: Joshua Daley <jdaley@linux.ibm.com>
> ---
...
> +Constraints
> +-----------
> +
> +The following constraints apply when attempting to boot an s390x guest in secure
> +mode:
> +
> +- z16 or "qemu" CPU model
> +- certificates must be in X.509 PEM format
> +- only support for SCSI scheme of virtio-blk/virtio-scsi devices
> +- a boot device must be specified
> +- any unsupported devices (e.g., ECKD and VFIO) or non-eligible devices (e.g.,
> + network) will cause the entire boot process terminating early with an error
to terminate early, with an...
> + logged to the console.
> +
> +
> +Secure IPL Quickstart
> +---------------------
> +
> +Build QEMU with gnutls enabled
> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> +
> +.. code-block:: shell
> +
> + ./configure … --enable-gnutls
> +
> +Generate certificate (e.g. via certtool)
> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> +
> +A private key is required before generating a certificate. This key must be kept
> +secure and confidential.
> +
> +Use an RSA private key for signing.
> +
> +.. code-block:: shell
> +
> + certtool --generate-privkey > key.pem
> +
> +A self-signed certificate requires the organization name. Use the ``cert.info``
> +template to pre-fill values and avoid interactive prompts from certtool.
> +
> +.. code-block:: shell
> +
> + cat > cert.info <<EOF
> + cn = "My Name"
> + expiration_days = 36500
Maybe the example should be more realistic, like 365 days?
With those changes (reminder, check for 80 columns):
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
^ permalink raw reply [flat|nested] 71+ messages in thread