Comment 0 for bug 1866866

Revision history for this message
Frank Heimes (fheimes) wrote :

The secure guest feature affects multiple components (kernel, qemu and s390-tools - see below).
While dedicated tickets for the different components exist since quite a while, the code arrived late and/or discussion to get it upstream accepted took longer than expected.
(Even if we as of today didn't reached the kernel freeze, I'm already adding kernel to this FFe.)

Since this is a very important feature the current IBM Z and LinuxONE family, it's requested to be included into focal, the next LTS release, to become exploitable on the long term.

The code is largely architecture specific.
No brand new packages or new upstream version are requested, only the cherry-pick of commits (or PR) - so far everything is 'cherry-pick'-able.

kernel:
The patch set for the kernel is huge (30+ commits), but only has one common code commit.
The arch specific patches landed in between in linux-next, the arch specific one is expected to land there very soon (hours/days from now). The common-code patch (2 files) ran through several hands and landed in between in Andrew Morton's mmots tree.
A pre-screening of the code was done by the kernel team and it looked acceptable.
(dedicated kernel ticket: https://bugs.launchpad.net/bugs/1835531)

qemu:
The entire code seems to be arch specific.
Again a pre-screening of the maintainer lead to the fact that it should be acceptable, too.
(dedicated qemu ticket: https://bugs.launchpad.net/bugs/1835546)

s390-tools:
The entire tool only exists for the s390x architecture.
Hence obviously everything is arch specific on that.
(dedicated s390-tools ticket: https://bugs.launchpad.net/bugs/1834534)

Currently work is going on to test this function end to end based on Ubuntu components (means based on our s390-tools, qemu and kernel [focal master-next] trees).
On top I applied the patches to the packages as well and did manual test buids.

With that a potential regression can be considered as low - and even in case of a regression, it will affect s390x only.