From: Tony Krowiak <akrowiak@xxxxxxxxxxxxxxxxxx> The IBM System z Central Processor Assist for Cryptographic Functions (CPACF) hardware provides a set of CPU instructions for use in clear-key encryption, pseudo random number generation, hash functions, and protected-key encryption. The CPACF protected key cryptographic functions operate with a protected key that is encrypted under a unique wrapping key stored in the Hardware System Area (HSA) of the machine and can only be accessed by firmware. The wrapping key cannot be accessed by the operating system or application programs. There are two wrapping keys: One for wrapping AES keys and one for wrapping DEA/TDEA (DES/TDES) keys. This patch set enables the support for encrypting clear keys under the AES or DEA/TDEA wrapping key on a guest VM running on an s390 host that supports key wrapping. Tony Krowiak (4): libvirt: docs: XML to enable/disable protected key mgmt ops libvirt: conf: parse XML for protected key management ops libvirt: qemu: enable/disable protected key management ops libvirt: tests: test protected key mgmt ops support -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list