Re: [PATCH v3 28/28] docs: Add secure IPL documentation

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 28/28] docs: Add secure IPL documentation

From:	Daniel P . Berrangé
Subject:	Re: [PATCH v3 28/28] docs: Add secure IPL documentation
Date:	Fri, 6 Jun 2025 12:04:54 +0100
User-agent:	Mutt/2.2.14 (2025-02-20)

On Wed, Jun 04, 2025 at 05:56:56PM -0400, Zhuoying Cai wrote:
> Add documentation for secure IPL
> 
> Signed-off-by: Collin Walling <walling@linux.ibm.com>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
>  docs/specs/s390x-secure-ipl.rst  | 145 +++++++++++++++++++++++++++++++
>  docs/system/s390x/secure-ipl.rst | 129 +++++++++++++++++++++++++++
>  2 files changed, 274 insertions(+)
>  create mode 100644 docs/specs/s390x-secure-ipl.rst
>  create mode 100644 docs/system/s390x/secure-ipl.rst
> 

> +Secure IPL Quickstart
> +=====================
> +
> +Build QEMU with gnutls enabled:
> +
> +.. code-block:: shell
> +
> +    ./configure … --enable-gnutls
> +
> +Generate certificate (e.g. via openssl):
> +
> +.. code-block:: shell
> +
> +    openssl req -new -x509 -newkey rsa:2048 -keyout mykey.priv \
> +                -outform DER -out mycert.der -days 36500 \
> +                -subj "/CN=My Name/" -nodes

Please illustrate with gnutls 'certtool' for consistency
with other cert creation docs we have at:

  https://www.qemu.org/docs/master/system/tls.html


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v3 19/28] pc-bios/s390-ccw: Refactor zipl_load_segment function, (continued)
- [PATCH v3 19/28] pc-bios/s390-ccw: Refactor zipl_load_segment function, Zhuoying Cai, 2025/06/04
- [PATCH v3 18/28] pc-bios/s390-ccw: Refactor zipl_run(), Zhuoying Cai, 2025/06/04
- [PATCH v3 21/28] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF), Zhuoying Cai, 2025/06/04
- [PATCH v3 20/28] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode, Zhuoying Cai, 2025/06/04
- [PATCH v3 26/28] pc-bios/s390-ccw: Handle secure boot with multiple boot devices, Zhuoying Cai, 2025/06/04
- [PATCH v3 25/28] pc-bios/s390-ccw: Handle true secure IPL mode, Zhuoying Cai, 2025/06/04
- [PATCH v3 22/28] pc-bios/s390-ccw: Add additional security checks for secure boot, Zhuoying Cai, 2025/06/04
- [PATCH v3 23/28] Add secure-boot to s390-ccw-virtio machine type option, Zhuoying Cai, 2025/06/04
- [PATCH v3 27/28] hw/s390x/ipl: Handle secure boot without specifying a boot device, Zhuoying Cai, 2025/06/04
- [PATCH v3 28/28] docs: Add secure IPL documentation, Zhuoying Cai, 2025/06/04
  - Re: [PATCH v3 28/28] docs: Add secure IPL documentation, Daniel P . Berrangé <=
  - Re: [PATCH v3 28/28] docs: Add secure IPL documentation, Collin Walling, 2025/06/17
- [PATCH v3 24/28] hw/s390x/ipl: Set IPIB flags for secure IPL, Zhuoying Cai, 2025/06/04

Prev by Date: Re: [PATCH v3 12/28] s390x/diag: Implement DIAG 508 subcode 1 for signature verification
Next by Date: Re: [PULL 09/17] hw/display: re-arrange memory region tracking
Previous by thread: [PATCH v3 28/28] docs: Add secure IPL documentation
Next by thread: Re: [PATCH v3 28/28] docs: Add secure IPL documentation
Index(es):
- Date
- Thread