Ran virt-host-validate and received the expected warning: "WARN (IBM Secure Execution appears to be disabled in kernel. Add prot_virt=1 to kernel cmdline arguments)"
Enabled protected virtualization by adding kernel parameter "prot_virt=1" and rebooted.
Libvirts cached capabilities file was updated and virt-host-validate returned "PASS" for "QEMU: Checking for secure guest support" and as expected an SE guest was able to start.
Disabled protected virtualization by changing kernel parameter "prot_virt=1" to "prot-virt=0" and rebooted.
Libvirts cached capabilities file was updated and virt-host-validate returned "WARN..." for "QEMU: Checking for secure guest support" and as expected an SE guest was NOT able to start.
Reenabled protected virtualization by changing kernel parameter "prot-virt=0" to "prot-virt=1" and rebooted.
Libvirts cached capabilities file was updated and virt-host-validate returned "PASS" for "QEMU: Checking for secure guest support" and as expected an SE guest was able to start.
------- Comment From <email address hidden> 2020-09-24 09:56 EDT------- sources. list.d/ ubuntu- $(lsb_release -cs)-proposed.list ports.ubuntu. com/ubuntu- ports $(lsb_release -cs)-proposed restricted main multiverse universe
Installed focal.
Added proposed repo
$ cat <<EOF >/etc/apt/
# Enable Ubuntu proposed archive
deb http://
EOF
Ran
$ apt-get upgrade
Checked installed packages clients/ focal-proposed, now 6.0.0-0ubuntu8.4 s390x [installed] daemon- driver- qemu/focal- proposed, now 6.0.0-0ubuntu8.4 s390x [installed] daemon- driver- storage- rbd/focal- proposed, now 6.0.0-0ubuntu8.4 s390x [installed, automatic] daemon- system- systemd/ focal-proposed, now 6.0.0-0ubuntu8.4 s390x [installed, automatic] daemon- system/ focal-proposed, now 6.0.0-0ubuntu8.4 s390x [installed] daemon/ focal-proposed, now 6.0.0-0ubuntu8.4 s390x [installed] focal-proposed, now 6.0.0-0ubuntu8.4 s390x [installed, automatic] 5.4.0-48- generic/ focal-updates, focal-security, focal-proposed, now 5.4.0-48.52 s390x [installed, automatic] generic/ focal-updates, focal-security, now 5.4.0.48.51 s390x [installed, upgradable to: 5.4.0.49.52] extra/focal- updates, focal-security, now 1:4.2-3ubuntu6.6 s390x [installed, automatic] focal-updates, focal-security, now 1:4.2-3ubuntu6.6 s390x [installed] common/ focal-updates, focal-security, now 1:4.2-3ubuntu6.6 s390x [installed, automatic] data/focal- updates, focal-security, now 1:4.2-3ubuntu6.6 all [installed, automatic] s390x/focal- updates, focal-security, now 1:4.2-3ubuntu6.6 s390x [installed, automatic] focal-updates, focal-security, now 1:4.2-3ubuntu6.6 s390x [installed, automatic]
$ apt list --installed | grep -e libvirt -e qemu -e linux-image
libvirt-
libvirt-
libvirt-
libvirt-
libvirt-
libvirt-
libvirt0/
linux-image-
linux-image-
qemu-block-
qemu-kvm/
qemu-system-
qemu-system-
qemu-system-
qemu-utils/
Ran virt-host-validate and received the expected warning: "WARN (IBM Secure Execution appears to be disabled in kernel. Add prot_virt=1 to kernel cmdline arguments)"
Enabled protected virtualization by adding kernel parameter "prot_virt=1" and rebooted.
Libvirts cached capabilities file was updated and virt-host-validate returned "PASS" for "QEMU: Checking for secure guest support" and as expected an SE guest was able to start.
Disabled protected virtualization by changing kernel parameter "prot_virt=1" to "prot-virt=0" and rebooted.
Libvirts cached capabilities file was updated and virt-host-validate returned "WARN..." for "QEMU: Checking for secure guest support" and as expected an SE guest was NOT able to start.
Reenabled protected virtualization by changing kernel parameter "prot-virt=0" to "prot-virt=1" and rebooted.
Libvirts cached capabilities file was updated and virt-host-validate returned "PASS" for "QEMU: Checking for secure guest support" and as expected an SE guest was able to start.