Monday, July 10, 2023

KVM in Linux Distributions in 2Q 2023

Second quarter of 2023 was quite productive in terms of new Linux distribution releases and KVM related features shipped in there. Here they are, in chronological order.

Ubuntu 23.04 

The most recent Ubuntu release contains the following new KVM-related functionality:
  • Interpretive vfio-pci support for ISM: Allows pass-through of ISM devices to KVM guests, enabling high-bandwith and low-latency network communications using SMC-D.
  • Encrypted dump for Secure Execution: Enhances problem determination capabilities while not compromising the security of secure KVM guests.
  • Bus id for subchannels: Allows you to identify passthrough CCW devices by their device bus id in the host without going through hoops.
  • Driverctl now lists persisted overrides: Makes it easier to identify and manage passthrough devices.

RHEL 8.8 and 9.2

While being distinct releases, both share the same set of new functionality, which is:
  • Interpretive vfio-pci support for ISM: Which allows pass-through of ISM devices to KVM guests, enabling high-bandwith and low-latency network communication using SMC-D.
  • Encrypted dump for Secure Execution: Enhances problem determination capabilities while not compromising the security of secure KVM guests.
  • Bus id for subchannels: Allows you to identify passthrough CCW devices by their device bus id in the host without going through hoops.
  • Dynamic configuration updates  for vfio-ap: Allows you to hot plug and unplug Crypto domains of a Crypto passthrough configuration for running KVM guests.

SLES 15 SP5

Being a large service pack, there are numerous new features delivered:
  • Interpretive vfio-pci support for ISM: Which allows pass-through of ISM devices to KVM guests, enabling high-bandwith and low-latency network communication using SMC-D.
  • Encrypted dump for Secure Execution: Enhances problem determination capabilities while not compromising the security of secure KVM guests.
  • Bus id for subchannels: Allows you to identify passthrough CCW devices by their device bus id in the host without going through hoops.
  • Driverctl now lists persisted overrides: Makes it easier to identify and manage passthrough devices.
  • Persistent configuration for vfio-ap: The s390-tools command zdev can now be used to persist Crypto passthrough configurations.
  • Dynamic configuration updates  for vfio-ap: Allows you to hot plug and unplug Crypto domains of a Crypto passthrough configuration for running KVM guests.
  • Remote attestation for Secure Execution: Provides cryptographic evidence of workload authenticity and integrity facilitates integration into common Confidential Computing frameworks.
  • Support of long kernel command lines of up to 64 KB length, for example, allows you to specify plenty of I/O devices.
...and other minor improvements