SPARC: Software in Silicon Features on Kernel Zones

Oracle Software in Silicon features are available on servers based on Oracle's SPARC M7 processor and running Oracle Solaris 11.3 and Oracle Solaris 11.4. Software in Silicon technologies include Silicon Secured Memory (SSM) and data analytics accelerators (DAX). SSM enables Application Data Integrity (ADI).

For more information about Oracle Software in Silicon functionality, refer to Understanding the Security and Performance Advantages of a Complete Oracle Solution with Software in Silicon.

SSM and DAX are not enabled in a kernel zone by default, even if they are supported by the host system's CPU and the kernel zone's operating system. This default is chosen to aid warm and live migration of kernel zones to and from earlier systems which do not support these features.

To enable these features in a kernel zone running Oracle Solaris 11.3 or Oracle Solaris 11.4, set the host-compatible property:

  • To enable only SSM, set host-compatible=adi.

  • To enable DAX, virtual address masking (VA masking), and SSM, set host-compatible=level1.

Note:

Only features enabled by both migration class and host compatibility level are visible to the kernel zone. Do not set the cpu-arch property to a migration class if you want to use SSM or DAX.

To migrate a kernel zone to an earlier SPARC based system or earlier version of Oracle Solaris software where SSM or DAX is not available, before you begin the migration you must first make the following configuration changes:

  1. Set the host-compatible property to a compatible value or clear the property to enable the zone to work in the target system's environment.

  2. Set the cpu-arch property to migrate to an earlier SPARC based system. See Preparation for Migrating Kernel Zones to Systems With Different CPUs or OS Versions for more information.

See Kernel Zone Migration Class and Host Compatibility Level (solaris-kz Only) in Oracle Solaris Zones Configuration Resources for more information.

Example 1-1 Enabling SSM in a Kernel Zone

This example checks whether the host-compatible property is set, then sets the property to adi and boots the zone. Note that the info subcommand displays no information for a property that is not explicitly set, even when the property has a default value.

global$ pfbash zonecfg -z kzone1
zonecfg:kzone1> info host-compatible
zonecfg:kzone1> set host-compatible=adi
zonecfg:kzone1> exit
global$ zoneadm -z kzone1 boot

Example 1-2 Attempting to Enable SSM in a Kernel Zone on a System Without the Silicon Secured Memory Feature

This example shows an attempt to enable SSM in a kernel zone on a SPARC T5 system. The SPARC T5 does not support SSM. The error is detected when you attempt to boot the kernel zone.

global$ pfbash zonecfg -z kzone1
zonecfg:kzone1> set host-compatible=adi
zonecfg:kzone1> exit
global$ zoneadm -z kzone1 boot
zone 'kzone1': error: modifier adi not supported by migration class SPARC-T5

Example 1-3 Enabling DAX in a Kernel Zone

In this example, the lack of output from the info subcommand shows that the host-compatible property is not set on kernel zone kzone1. The example then sets the property to level1 to enable DAX, VA masking, and SSM, and boots the zone.

global$ pfbash zonecfg -z kzone1
zonecfg:kzone1> info host-compatible
zonecfg:kzone1> set host-compatible=level1
zonecfg:kzone1> exit
global$ zoneadm -z kzone1 boot

Example 1-4 Clearing the host-compatible Property to Enable Migration to Earlier Systems

This example clears the host-compatible property on kernel zone kzone1 then reboots the zone. Note that you must also reset the cpu-arch property, as described in Preparation for Migrating Kernel Zones to Systems With Different CPUs or OS Versions, before you can migrate a kernel zone to a target host that does not support features such as SSM.

global$ pfbash zonecfg -z kzone1 clear host-compatible
global$ zoneadm -z kzone1 reboot
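
The rules on this page (the two host-compatible values, the Note about cpu-arch, and the two pre-migration steps) can be checked across several kernel zones at once, which also shows which zones are running without SSM because of the default. The following is an added example, not Oracle code; the `zone|host-compatible|cpu-arch` input format, the status labels, the zone names other than kzone1, and the SOME-CLASS value are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Oracle documentation).
# Input: one line per kernel zone, "<zone>|<host-compatible>|<cpu-arch>".
# An empty field means the property is not set. Collecting these values
# from a live system is left out; only the page's rules are encoded here.

# Features the page attributes to each host-compatible value.
kz_features() {
    case "$1" in
        adi)    echo "SSM" ;;
        level1) echo "DAX,VA-masking,SSM" ;;
        "")     echo "none" ;;          # default: SSM and DAX not enabled
        *)      echo "unknown" ;;       # value not described on the page
    esac
}

# Status labels (assumed names): $1 = host-compatible, $2 = cpu-arch
#   DEFAULT   neither property set; zone runs without SSM/DAX
#   PINNED    features enabled; change or clear host-compatible before
#             migrating to a system without SSM/DAX
#   CONFLICT  features requested but cpu-arch is also set (see the Note)
#   PREPARED  host-compatible cleared and cpu-arch set (both migration steps)
#   REVIEW    host-compatible holds a value this page does not cover
kz_status() {
    feats=$(kz_features "$1")
    if [ "$feats" = "unknown" ]; then echo "REVIEW"; return; fi
    if [ "$feats" != "none" ] && [ -n "$2" ]; then echo "CONFLICT"; return; fi
    if [ "$feats" != "none" ]; then echo "PINNED"; return; fi
    if [ -n "$2" ]; then echo "PREPARED"; else echo "DEFAULT"; fi
}

# Read the inventory on stdin and print one summary line per zone.
kz_report() {
    while IFS='|' read -r zone hc arch; do
        [ -n "$zone" ] || continue
        printf '%s features=%s status=%s\n' \
            "$zone" "$(kz_features "$hc")" "$(kz_status "$hc" "$arch")"
    done
}

# Constructed sample inventory.
kz_report <<'EOF'
kzone1|adi|
kzone2|level1|SOME-CLASS
kzone3||
kzone4||SOME-CLASS
EOF
```

Zones reported as DEFAULT or PREPARED are the ones running without SSM, so they are the ones to review if ADI protection is expected inside the zone.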