IBM Secure Execution for Linux

Every IBM z16 server is equipped with a private host key that is specific to that server. The key is protected by hardware and firmware. The cloud provider cannot access or manipulate the private host key. Cloud providers who run their cloud on z16 obtain a host key document from IBM. The host key document contains the public key associated with the private host key of that server. The cloud providers can distribute a host key document to cloud customers who want to run their workload in a z16 based cloud environment.

As a workload owner, you encrypt files that are necessary for booting by using the host key document of the cloud provider.

For more information, see "Introducing IBM Secure Execution for Linux" on the IBM Knowledge Center: https://www.ibm.com/support/knowledgecenter/linuxonibm/liaaf/lnz_r_dse.html

Use the files available through this page to verify the host key document. The procedure is outlined in the referred publication.