Ubuntu
s390-tools package

[24.04 FEAT] Secure Execution - Secure guest tool to bind and associate APQNs (s390-tools)

Bug #2003672 reported by bugproxy on 2023-01-23

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu on IBM z Systems	Fix Released	High	Skipper Bug Screeners
	s390-tools (Ubuntu)	Fix Released	High	Skipper Bug Screeners

Bug Description

Feature Description:

Provide a tool that associates HSM names with to APQNs based on APQN type,card generation, serial number and MKVP.

Tags:

bugproxy (bugproxy) on 2023-01-23

tags:	added: architecture-s39064 bugnameltc-201344 severity-high targetmilestone-inin2304
Changed in ubuntu:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
affects:	ubuntu → linux (Ubuntu)

Frank Heimes (fheimes) on 2023-01-23

affects:	linux (Ubuntu) → s390-tools (Ubuntu)
Changed in ubuntu-z-systems:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
importance:	Undecided → High
Changed in s390-tools (Ubuntu):
importance:	Undecided → High
Changed in ubuntu-z-systems:
status:	New → Incomplete
Changed in s390-tools (Ubuntu):
status:	New → Incomplete

bugproxy (bugproxy) on 2023-07-14

tags:

added: targetmilestone-inin2310
removed: targetmilestone-inin2304

Frank Heimes (fheimes) on 2023-07-15

summary:

- [23.04 FEAT] Secure Execution - Secure guest tool to bind and associate
+ [23.10 FEAT] Secure Execution - Secure guest tool to bind and associate
APQNs (s390-tools)

Revision history for this message

bugproxy (bugproxy) wrote on 2023-08-16: Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2023-08-16 11:49 EDT-------
This feature is not yet available, therefore, we need to postpone it to the next Ubuntu release.

==> Changing target milestone to: "24.04"

tags:

added: targetmilestone-inin2404
removed: targetmilestone-inin2310

Frank Heimes (fheimes) on 2023-08-17

summary:

- [23.10 FEAT] Secure Execution - Secure guest tool to bind and associate
+ [24.04 FEAT] Secure Execution - Secure guest tool to bind and associate
APQNs (s390-tools)

Revision history for this message

bugproxy (bugproxy) wrote on 2024-01-17:

------- Comment From <email address hidden> 2024-01-17 04:31 EDT-------
Pvapconfig is a new tool for automatically configuring the APQNs
within an Secure Execution KVM guest with AP pass-through support.
Based on a given AP configuration it tries to find a matching
APQN and bind and associate it with the correct secret.

Pvapconfig is now available upstream and will be part of the
upcomming s390-tools release version 2.31.

Backports on top of s390-tools version 2.30 require at least these
two commits:

0764460e rust/pv: Provide access for SecretList members
https://github.ibm.com/linuxonz/s390-tools/commit/0764460eafdfd91f78bbed5ac818f19d60e14b70

94a38ebc rust/pvapconfig: Introduce new tool pvapconfig
https://github.ibm.com/linuxonz/s390-tools/commit/94a38ebc3aec9ee954f1ae9a4a0a09ea7f29f11c

Optional maybe this commit may be applied as well:

6fd02279 rust/Makefile: Fix CC/AR variables for TEST_TARGETS
https://github.ibm.com/linuxonz/s390-tools/commit/6fd02279da20acba882426496e3b87e556bdeabc

If Ubuntu 24.04 simple picks the upcomming s390-tools version 2.31, there
is nothing more to do :-)

Revision history for this message

Frank Heimes (fheimes) wrote on 2024-01-17 (last edit on 2024-01-17):

Yes, we recently upgraded the s390-tools in the 24.04 release that is still in development to 2.30.0, but just to not let the delta become too big.
You are right, the planned target release is 2.31.0 (availability planned for CW 5), hence we'll not take the effort to backport these new things, but will just introduce them with the next version bump.

But thanks for the heads-up and details !

Changed in s390-tools (Ubuntu):
status:	Incomplete → Confirmed
Changed in ubuntu-z-systems:
status:	Incomplete → Confirmed

Frank Heimes (fheimes) on 2024-02-06

information type:

Private → Public

Frank Heimes (fheimes) on 2024-02-28

Changed in ubuntu-z-systems:
status:	Confirmed → Fix Committed
Changed in s390-tools (Ubuntu):
status:	Confirmed → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-02-28:

This bug was fixed in the package s390-tools - 2.31.0-0ubuntu1

---------------
s390-tools (2.31.0-0ubuntu1) noble; urgency=medium

  [ Frank Heimes ]
  * New upstream release, requested in LP: #2049612
    - Includes 'Secure Execution - Secure guest tool to bind and associate
      APQNs'. LP: #2003672
    - No new crates and no significant changes in size of the vendored crates
      tar ball.
    - Update XS-Vendored-Sources-Rust field in d/control.
    - Modify d/s390-tools.install to add targets for the new pvapconfig tool.
    - Rewrote and updated d/copyright according to DEP-5 aka
      debian.org/doc/packaging-manuals/copyright-format/1.0/
    - Add d/s390-tools.lintian-overrides to override a known false positive
      detection of lintian of libyaml in rust code.
    - Add d/gzip-files-without-timestamps-or-names.patch to
      avoid timestampes in gzip that will lead to lintian warning
      'package-contains-timestamped-gzip' and will harm reproducible builds.

  [ Simon Chopin ]
  * d/control: replace dh-cargo by dh-cargo-tools and explicit cargo
    dependency as we're not using the dh plugin

-- Simon Chopin <email address hidden> Mon, 26 Feb 2024 15:44:15 +0100

Changed in s390-tools (Ubuntu):
status:	Fix Committed → Fix Released

Frank Heimes (fheimes) on 2024-02-28

Changed in ubuntu-z-systems:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntus390-tools package

[24.04 FEAT] Secure Execution - Secure guest tool to bind and associate APQNs (s390-tools)

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
s390-tools package