[UBUNTU 20.04] zipl boot loader should check for secure IPL feature before looking up data (was: PV: guest fails to reboot from a disk)

The list of commits is included in s390-tools 2.14, hence if s390-tools gets updated to 2.14 (see LP 1884721), the groovy entry will be done.h
But SRU to focal is needed.
I think it will not be easy to get all commit IDs SRUed to focal - even if I've heard that the fix is only one of them and the rest are depending commits to get the fix applied ...

This bug was fixed in the package s390-tools - 2.14.0-1ubuntu1

---------------
s390-tools (2.14.0-1ubuntu1) groovy; urgency=medium

  * Merge from Debian, remaining changes:
    - add libssl-dev, libglib2.0-dev build-deps
    - add support for signed zipl
    - package cpuplugd, osasnmpd, statd, zkey
    - update copyright file
    - fix kernel installer script integration, to skip calling zipl without initrd
    - load monwriter kernel module for mon_statd/mon_fsstatd
    - do not run dumpconf in lxc
    - ziomon change exit code to 0 for version and help
    - add zkey initramfs hook
    - change zkey default back to argon2i
    - drop patch that disables building osasnmpd
    - drop udevpath patch to init script, systemd units are used instead
    - enable hardening
    - enable initramfs & dracut integration
    - install more utilities and zdev initramfs integration
    - setup users/groups for mon_*, iucvterm, zkey
    - setup crashkernel integration
    - ship zdev in udeb
    - drop ziomon package, shipped in the main package

  * New upstream release fixes LP: #1892350, LP: #1888231, LP: #1884773,
    LP: #1884744, LP: #1884721

s390-tools (2.14.0-1) unstable; urgency=medium

  * New upstream release.

s390-tools (2.3.0-2) unstable; urgency=medium

  * Hardcode perl dependency instead of using ${perl:Depends}.
    The latter introduces a multi-arch dependency (perl:any) that the
    base installation environment cannot cope with.

 -- Dimitri John Ledkov <email address hidden> Wed, 26 Aug 2020 11:11:23 +0100

I think we should also include fd817280d315ca0249bbdd9cd21bcd54a39bceda ("zipl: fix incorrect setup of stage3 flags") if we cherry-pick all the other patches, as that one fixes an issue introduced in another cherry-pick (6c04f977734f55b862b9900abfc325e1db98acd0 "zipl: consolidate stage3_params structs and stage3 flags")

Hello bugproxy, or anyone else affected,

Accepted s390-tools into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/s390-tools/2.12.0-0ubuntu3.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

@hws / ibm

Have you had a chance to verify this yet?

------- Comment From <email address hidden> 2020-10-23 03:27 EDT-------
Verified by IBM:
Verified that the code is correctly included in s390-tools_2.12.0-0ubuntu3.1

Thx for the verification! (I've adjusted the tags accordingly).

This bug was fixed in the package s390-tools - 2.12.0-0ubuntu3.1

---------------
s390-tools (2.12.0-0ubuntu3.1) focal; urgency=medium

  * debian/patches/0082-*.patch .. 0111-*.patch (LP: #1892350)
    - Cherrypick patches from upstream, to make zipl boot loader check for
      secure IPL feature before looking up data
    - Cherrypick 0111-*/fd81728 ("zipl: fix incorrect setup of stage3 flags")
      additionally, to fix bug in 0089-*/6c04f97 ("zipl: consolidate
      stage3_params structs and stage3 flags")
  * d/p/0110-zipl-stage3-correctly-handle-diag308-response-code.patch
    - Cherrypick 943c5dc ("zipl/stage3: correctly handle diag308 response
      code"), to fix KVM IPL without bootindex= specified (LP: #1888231)
  * d/p/0112-cpumf-lscpumf.pl-displays-raw-event-number-incorrect.patch
    - Only needed for perl lscpumf in Focal (LP: #1893027)

 -- Lukas Märdian <email address hidden> Thu, 01 Oct 2020 12:41:35 +0200

The verification of the Stable Release Update for s390-tools has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

------- Comment From <email address hidden> 2020-10-26 06:19 EDT-------
IBM Bugzilla status->closed, Fix Released with all requested distros