Abstract: Embodiments of the invention include a fracture ring sensor and a method of using the same to detect out of tolerance forces. Aspects of the invention include a product having a defined an out of tolerance force, a fracture ring sensor, and a mounting assembly coupling the fracture ring sensor to the product. The fracture ring sensor is patterned with a conductive trace and is manufactured to break when subjected to a predetermined amount of force. The predetermined amount of force is substantially equal to a percentage of the out of tolerance force of the product.

Abstract: A Vector Galois Field Multiply Sum and Accumulate instruction. Each element of a second operand of the instruction is multiplied in a Galois field with the corresponding element of the third operand to provide one or more products. The one or more products are exclusively ORed with each other and exclusively ORed with a corresponding element of a fourth operand of the instruction. The results are placed in a selected operand.

Abstract: Mechanical integrity sensors are provided to detect occurrence of an out-of-tolerance force on a component, such as a circuit board. The mechanical integrity sensor includes a light-blocking container and a light collector disposed within the light-blocking container. The light-blocking container includes a breakable panel. The breakable panel fractures with a force on the breakable panel indicative of the out-of-tolerance force on the component. Fracturing of the breakable panel allows light into the light-blocking container, and the light is collected by the light collector as indicative of the occurrence of the out-of-tolerance force on the component.

Abstract: Detection of alteration of storage keys used to protect memory includes determining whether a storage key alteration event has occurred within a processor of a computing environment. The determining includes checking whether one or more selected fields of a storage key have been updated. The storage key is associated with a block of memory and controls access to the block of memory. Based on the checking indicating that the one or more selected fields of the storage key have been updated, a storage key alteration event has been detected. Based on determining the storage key alteration event has occurred, a notification is provided.

Abstract: A Sort Lists instruction is provided to perform a sort and/or a merge operation. The instruction is an architected machine instruction of an instruction set architecture and is executed by a general-purpose processor of the computing environment. The executing includes sorting a plurality of input lists to obtain one or more sorted output lists, which are output.

Abstract: Migration of partially completed instructions. A determination is made that processing of an operation of an instruction executing on a processor has been interrupted prior to completion. The instruction is re-executed on a selected processor to resume forward processing of the instruction. The re-executing includes determining whether model-dependent metadata is to be used by the selected processor in re-executing the instruction. Based on determining the model-dependent metadata is to be used, the model-dependent metadata is used in re-executing the instruction. Based on determining the model-dependent metadata is not to be used, proceeding with re-executing the instruction without using the model-dependent metadata.

Abstract: Saving and restoring machine state between multiple executions of an instruction. A determination is made that processing of an operation of an instruction executing on a processor has been interrupted prior to completion. Based on determining that the processing of the operation has been interrupted, current metadata of the processor is extracted. The metadata is stored in a location associated with the instruction and used to re-execute the instruction to resume forward processing of the instruction from where it was interrupted.

Abstract: Saving and restoring machine state between multiple executions of an instruction. A determination is made that processing of an operation of an instruction executing on a processor has been interrupted prior to completion. Based on determining that the processing of the operation has been interrupted, current metadata of the processor is extracted. The metadata is stored in a location associated with the instruction and used to re-execute the instruction to resume forward processing of the instruction from where it was interrupted.

Abstract: A marking capability is used to provide an indication of whether a block of memory is backing an address translation structure of a control program being managed by a virtual machine manager. By providing the marking, the virtual machine manager may check the indication prior to making paging decisions. With this information, a hint may be provided to the hardware to be used in decisions relating to purging associated address translation structures, such as translation look-aside buffer (TLB) entries.

Abstract: A select processor obtains a request to perform a requested operation. The request includes encrypted data and a protected key. The protected key is to be used by the select processor on behalf of an entity unauthorized to use the protected key. The encrypted data is decrypted using the protected key to obtain decrypted data. The requested operation is performed on the decrypted data to obtain resulting data. The resulting data is encrypted (e.g., using the protected key) to obtain encrypted resulting data. The encrypted resulting data is provided to a requester of the request.

Abstract: A protected key to be used by a select processor on behalf of an entity unauthorized to use the protected key is created. The creating includes obtaining a system mask and a system key. A clear key is wrapped with the system key to provide a wrapped key. The system mask is applied to the wrapped key to create the protected key.

Abstract: According to one or more embodiments of the present invention, a computer implemented method includes receiving a secure access request for a secure page of memory at a secure interface control of a computer system. The secure interface control can check a disable virtual address compare state associated with the secure page. The secure interface control can disable a virtual address check in accessing the secure page to support mapping of a plurality of virtual addresses to a same absolute address to the secure page based on the disable virtual address compare state being set and/or to support secure pages that are accessed using an absolute address and do not have an associated virtual address.

Abstract: A method is provided. The method is implemented by a communication interface of a secure interface control executing between the secure interface control of a computer and hardware of the computer/In this regard, the communication interface receives an instruction and determines whether the instruction is a millicoded instruction. Further, the communication interface enters a millimode comprising enabling the secure interface control to engage millicode of the hardware through the communication interface based on the instruction being the millicoded instruction.

Abstract: According to one or more embodiments of the present invention, a computer implemented method includes executing, by a virtual machine that is executing on a host server, a stream of instructions, wherein an instruction from the stream of instructions is to be intercepted to a hypervisor. The method further includes, based on a determination that the virtual machine is a secure virtual machine, preventing the hypervisor from directly accessing any data of the secure virtual machine. The method further includes performing by a secure interface control of the host server, based on a determination that the instruction is not interpretable by the secure interface control itself, extracting one or more parameter data associated with the instruction from the secure virtual machine, and storing the parameter data into a buffer that is accessible by the hypervisor. The instruction is subsequently intercepted into the hypervisor.

Abstract: According to one or more embodiments of the present invention, a computer implemented method includes receiving a query for an amount of storage in memory of a computer system to be donated to a secure interface control of the computer system. The secure interface control can determine the amount of storage to be donated based on a plurality of secure entities supported by the secure interface control as a plurality of predetermined values. The secure interface control can return a response to the query indicative of the amount of storage as a response to the query. A donation of storage to secure for use by the secure interface control can be received based on the response to the query.

Abstract: Secure processing within a computing environment is provided by incrementally decrypting a secure operating system image, including receiving, for a page of the secure operating system image, a page address and a tweak value used during encryption of the page. Processing determines that the tweak value has not previously been used during decryption of another page of the secure operating system image, and decrypts memory page content at the page address using an image encryption key and the tweak value to facilitate obtaining a decrypted secure operating system image. Further, integrity of the secure operating system image is verified, and based on verifying integrity of the secure operating system image, execution of the decrypted secure operating system image is started.

Abstract: According to one or more embodiments of the present invention, a computer implemented method includes enabling, by a secure interface control of a computer system, a non-secure entity of the computer system to access a page of memory shared between the non-secure entity and a secure domain of the computer system based on the page being marked as non-secure with a secure storage protection indicator of the page being clear. The secure interface control can verify that the secure storage protection indicator of the page is clear prior to allowing the non-secure entity to access the page. The secure interface control can provide a secure entity of the secure domain with access to the page absent a check of the secure storage protection indicator of the page.

Abstract: A method is provided by a secure interface control of a computer that provides a partial instruction interpretation for an instruction which enables an interruption. The secure interface control fetches a program status word or a control register value from a secure guest storage. The secure interface control notifies an untrusted entity of guest interruption mask updates. The untrusted entity is executed on and in communication with hardware of the computer through the secure interface control to support operations of a secure entity executing on the untrusted entity. The secure interface control receives, from the untrusted entity, a request to present a highest priority, enabled guest interruption in response to the notifying of the guest interruption mask updates. The secure interface control moves interruption information into a guest prefix page and injecting the interruption in the secure entity when an injection of the interruption is determined to be valid.

Abstract: An computer-implemented method according to examples includes receiving, by a secure interface control of a computing system, a request by a requestor to access a page in a memory of the computing system. The method further includes, responsive to determining that the requestor is a non-secure requestor and responsive to a secure-storage bit being set, prohibiting access to the page without performing an authorization check. The method further includes, responsive to determining that the requestor is a secure requestor, performing the authorization check.

Abstract: A method, computer program product, and a system where a secure interface control determines whether an instance of a secure guest image can execute based on metadata. The secure interface control (“SC”) obtains metadata linked to an image of a secure guest of an owner and managed by the hypervisor that includes control(s) that indicates whether the hypervisor is permitted to execute an instance of a secure guest generated with the image in the computing system based on system setting(s) in the computing system. The SC intercepts a command by the hypervisor to initiate the instance. The SC determines the presence or the absence of system setting(s) in the computing system. The SC determines if the hypervisor is permitted to execute the instance. If so, the SC enables initiation of the instance by the hypervisor. If not, the SC ignores the command.