Ubuntu on IBM z Systems

  1. Bug #2026833
  2. Comment #1

Comment 1 for bug 2026833

Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2023-07-27 05:46 EDT-------
we installed from ppa:canonical-kernel-team/unstable:

cat /etc/os-release
PRETTY_NAME="Ubuntu Mantic Minotaur (development branch)"
NAME="Ubuntu"
VERSION_ID="23.10"
VERSION="23.10 (Mantic Minotaur)"
VERSION_CODENAME=mantic
...

# uname -r
6.5.0-1-generic

and used 6.5.0-1.1+1/control/sipl.x509 signature and 6.5.0-1.1+1/boot/vmlinuz-6.5.0-1-generic.sipl from the tar file from https://ppa.launchpad.net/canonical-kernel-team/unstable/ubuntu/dists/devel/main/signed/linux-generate-unstable-s390x/current/
signed.tar.gz

ls -l /boot/vmlinuz
lrwxrwxrwx 1 root root 28 Jul 26 11:32 /boot/vmlinuz -> vmlinuz-6.5.0-1-generic.sipl

load with kernel vmlinuz-6.5.0-1-generic.sipl
- without secure boot enable
- without adding the signature
==> as expected:

IPB received.
IPB sent.
System version 9.
Watchdog enabled.
Running 'ZBootLoader' version '3.2.2' level 'D51C.D51C_328.16'.
OK00000000 Success

load with kernel vmlinuz-6.5.0-1-generic
- with secure boot enable
- with adding the signature
==> not expected:
IPB received.
IPB sent.
System version 9.
Watchdog enabled.
Running 'ZBootLoader' version '3.2.2' level 'D51C.D51C_328.16'.
--- Audit message summary start ---
MLOLOA62693210 Audit: Signature verification failure for component 3 in program
0 loaded from device HBA:0.0.1900,WWPN:500507630710572C,LUN:4020404E00000000.
--- Audit message summary end ---
MLOLOA6269321F A security violation error was encountered when loading from devi
ce HBA:0.0.1900,WWPN:500507630710572C,LUN:4020404E00000000.
IPL failed (110).

LdiplStructureProcessor.cpp:processComponentTable:75: Found IMAGE component @0x156d1630 w LOAD ADDRESS 0xa000.
CertificateVerification.cpp:verifySignature:237: Failed to verify image component @0x156d1630 w associated signature component @0x156d19b0 and certificate #0 w vc_index 1.
LdiplStructureProcessor.cpp:checkSignature:288: Audit: Signature verification failed for component #3 @0x156d1630.
LdiplStructureProcessor.cpp:processComponentTable:91: Found Image Component @0x156d1630 w SCLAB @0x156cde10.
LdiplStructureProcessor.cpp:processComponentTable:98: Found the 'global' SCLAB (1) @0x156d1630
LdiplComponentType02Image.cpp:checkSignedCodeLoadingAttributesFacilityRules:235: Audit summary 2a: Error indicators for the SCLAB of component 3 is 0x0.

but load for component 5 worked:
LdiplStructureProcessor.cpp:processComponentTable:75: Found IMAGE component @0x156fcd90 w LOAD ADDRESS 0x10000.
CertificateVerification.cpp:verifySignature:227: Successfully verified image component @0x156fcd90 w associated signature component @0x156fef00 and certificate #0 w vc_index 1.
LdiplStructureProcessor.cpp:processComponentTable:91: Found Image Component @0x156fcd90 w SCLAB @0x156fcd50.