What you should know
Before you start working with IBM Secure Execution, find out about prerequisites and restrictions.
IBM® Secure Execution for Linux® requires an IBM z15® or LinuxONE III or later models with the feature installed.
As the host is not allowed to access guest memory and state, certain KVM features are not
supported, including:
- Live migration. Offline migration is possible, if the guest is built for more than one host. For more information about how to build for multiple hosts, see genprotimg - Generate an IBM Secure Execution image
- Save to and restore from disk.
- Hypervisor-initiated memory dump.
- Pass-through of host devices, for example PCI and CCW.
- Using huge memory pages on the host for backing guest memory.
- Memory ballooning through a virtio-balloon device.
In contrast to regular KVM guests, guests running in Secure Execution mode are limited to 247 virtual CPUs.