From: Tony Krowiak <akrowiak@xxxxxxxxxxxxxxxxxx> The IBM System z Central Processor Assist for Cryptographic Functions (CPACF) hardware provides a set of CPU instructions for use in clear-key encryption, pseudo random number generation, hash functions, and protected-key encryption. The CPACF protected key cryptographic functions operate with a protected key which is encrypted under a unique wrapping key that is stored in the Hardware System Area (HSA) of the machine and can only be accessed by firmware. The wrapping key cannot be accessed by the operating system or application programs. There are two wrapping keys: One for wrapping AES keys and one for wrapping DES/TDES keys. This patch set enables the support for encrypting clear keys under the AES and DES/TDES wrapping keys for guests started on hosts running on s390 hardware that supports key wrapping. Tony Krowiak (4): libvirt: docs: XML to enable/disable protected key mgmt ops libvirt: conf: parse XML for protected key management ops libvirt: qemu: enable/disable protected key management ops libvirt: tests: test protected key mgmt ops support -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list