The PowerPC/POWER architecture changes were sent in today for the ongoing Linux 5.4 merge window. This time around are some interesting POWER changes with work on their means of secure virtual machines.
The Linux 5.4 kernel for POWER is bringing initial support for running on a system with an Ultravisor, which is IBM’s approach for code running underneath a hypervisor and used for protecting guests from attacks by the hypervisor. Similarly, Linux 5.4 brings support for building a kernel to run as a Secure Virtual Machine (SVM) — a guest running within an Ultravisor-ed environment.
The Ultravisor / SVM support is part of IBM’s approach for protected computing that is akin to the approaches of Intel SGX and AMD Secure Encrypted Virtualization (SEV). IBM’s Ultravisor code runs with higher privileges than the virtualization hypervisor and in turn the virtual machines rely upon IBM Protected Execution for verifying the behavior of the hypervisor/ultravisor. More details on IBM’s approach to secure virtualization for POWER can be found at developer.ibm.com.
Other POWER work for Linux 5.4 includes supporting more than 2GB of DMA space, support for firmware-assisted crash dumps, and other code clean-ups/fixes/improvements. More details via the pull request.
>> Source Link