Re: [PATCH v6 20/28] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF)

[Thomas Huth <thuth@redhat.com>]

On 18/09/2025 01.21, Zhuoying Cai wrote:
> The secure-IPL-code-loading-attributes facility (SCLAF)
> provides additional security during secure IPL.
> 
> Availability of SCLAF is determined by byte 136 bit 3 of the
> SCLP Read Info block.
> 
> This feature is available starting with the gen16 CPU model.
> 
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> Reviewed-by: Collin Walling <walling@linux.ibm.com>
> ---
>   docs/specs/s390x-secure-ipl.rst     | 25 +++++++++++++++++++++++++
>   target/s390x/cpu_features.c         |  2 ++
>   target/s390x/cpu_features_def.h.inc |  1 +
>   target/s390x/cpu_models.c           |  3 +++
>   target/s390x/gen-features.c         |  2 ++
>   target/s390x/kvm/kvm.c              |  1 +
>   6 files changed, 34 insertions(+)
> 
> diff --git a/docs/specs/s390x-secure-ipl.rst b/docs/specs/s390x-secure-ipl.rst
> index 760a066084..a19b976e25 100644
> --- a/docs/specs/s390x-secure-ipl.rst
> +++ b/docs/specs/s390x-secure-ipl.rst
> @@ -85,3 +85,28 @@ operations such as:
>   * certificate data
>   
>   The guest kernel will inspect the IIRB and build the keyring.
> +
> +
> +Secure Code Loading Attributes Facility
> +---------------------------------
> +
> +The Secure Code Loading Attributes Facility (SCLAF) enhances system security during the
> +IPL by enforcing additional verification rules.

Please wrap your text so that it fits into 80 columns.
(Not sure why checkpatch.pl is not warning here...?)

> +When SCLAF is available, its behavior depends on the IPL mode. It introduces verification
> +of both signed and unsigned components to help ensure that only authorized code is loaded
> +during the IPL process. Any errors detected by SCLAF are reported in the IIRB.
>
> +Unsigned components are restricted to load addresses at or above absolute storage address
> +``0x2000``.
> +
> +Signed components must include a Secure Code Loading Attribute Block (SCLAB), which is
> +appended at the very end of the component. The SCLAB defines security attributes for
> +handling the signed code. Specifically, it may:
> +
> +* Provide direction on how to process the rest of the component.
> +
> +* Provide further validation of information on where to load the signed binary code
> +  from the load device.
> +
> +* Specify where to start the execution of the loaded OS code.

Do you maybe want to mention any tool from s390-tools that helps with this 
task (assuming that there is one)? (or should that rather not be part of the 
specs here?)

...
> diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
> index bd2060ab93..c3e0c6ceff 100644
> --- a/target/s390x/gen-features.c
> +++ b/target/s390x/gen-features.c
> @@ -722,6 +722,7 @@ static uint16_t full_GEN16_GA1[] = {
>       S390_FEAT_UV_FEAT_AP_INTR,
>       S390_FEAT_CERT_STORE,
>       S390_FEAT_SIPL,
> +    S390_FEAT_SCLAF,
>   };
 >
>   static uint16_t full_GEN17_GA1[] = {
> @@ -924,6 +925,7 @@ static uint16_t qemu_MAX[] = {
>       S390_FEAT_EXTENDED_LENGTH_SCCB,
>       S390_FEAT_CERT_STORE,
>       S390_FEAT_SIPL,
> +    S390_FEAT_SCLAF,
>   };

In the cover letter you wrote "All actions must be performed on a KVM guest" 
... so does this feature depend on KVM or not? If you cannot use the feature 
with TCG, I think you should not add this to the "qemu_MAX" CPU model?

  Thomas