The most severe limitation of cloud computing is security. In particular, the requirement of absolute trust in the cloud provider may be an insurmountable hurdle to deploy sensitive workloads in the cloud, because technically a cloud provider using standard HW can observe and even manipulate every piece of data in hosted software while the software is running. Secure Execution is a new feature on IBM Z15 and LinuxONE III that supports hosting KVM guests such that neither the HW operator nor the hypervisor (KVM) administrator can access the data of a running guest. This presentation with Reinhard Buendgen will introduce you to the trust model established by Secure Execution, describe the technical concepts used in IBM Z15 and LinuxONE III to establish the promised level of trust, and the process needed to deploy a Linux guest that is protected by Secure Execution.
00:36:36