On 04.03.20 09:59, Janosch Frank wrote: > On 3/3/20 5:13 PM, David Hildenbrand wrote: >> On 03.03.20 16:50, Janosch Frank wrote: >>> The POP states that for a list directed IPL the IPLB is stored into >>> memory by the machine loader and its address is stored at offset 0x14 >>> of the lowcore. >>> >>> ZIPL currently uses the address in offset 0x14 to access the IPLB and >>> acquire flags about secure boot. If the IPLB address points into >>> memory which has an unsupported mix of flags set, ZIPL will panic >>> instead of booting the OS. >>> >>> As the lowcore can have quite a high entropy for a guest that did drop >>> out of protected mode (i.e. rebooted) we encountered the ZIPL panic >>> quite often. >> >> How did this ever work? Or does this only become relevant with secure boot? > > I'd guess that until secure boot ZIPL never touched this and with it we > never hit the right combination of flags to trigger a ZIPL panic. > > This way of getting to the IPLB was used before diag308 was available, > i.e. way before KVM got to IBM Z. It looks like ZIPL only uses it for > secure boot for some reason and hence we never implemented it before. > > I'm also in discussion with the ZIPL developers to make this more robust. >
Thanks for the clarification! [...] > > Do you want to add a patch or shall I add it to my cleanup series? Would be great if you could add a cleanup. -- Thanks, David / dhildenb
