Ubuntu
libvirt package

[24.10 FEAT] [VS2009] KVM: Secure IPL Simulation - libvirt part

Bug #2049701 reported by bugproxy
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Incomplete
High
Skipper Bug Screeners
libvirt (Ubuntu)
Incomplete
Undecided
Frank Heimes

Bug Description

This item will allow to verify the secure IPL process without the need to have a specific hardware or firmware level. QEMU must be modified to allow to specify one or more certificates used for kernel signing. Further, QEMU must allow to request signature checking during IPL. The QEMU BIOS must be extended to do the certificate checking, which requires a way to pass the certificates to the BIOS. And finally, libvirt must be extended in support of the QEMU changes.

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-204721 severity-high targetmilestone-inin2404
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Revision history for this message
Frank Heimes (fheimes) wrote :

Thx for the heads-up. Very interesting feature!
Do you already know the upstream libvirt version that will have this functionality included?

affects: linux (Ubuntu) → libvirt (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in libvirt (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
importance: Undecided → High
status: New → Incomplete
Changed in libvirt (Ubuntu):
status: New → Incomplete
Frank Heimes (fheimes)
tags: added: libvirt-24.04
Frank Heimes (fheimes)
information type: Private → Public
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2024-02-06 07:05 EDT-------
This feature requires further coding which will not complete in time for Noble FF.
Therefore, we need to postpone this for now to the next release.
Due to the importance of this item, we will need to have this SRUed to the Noble LTS release once it will have landed in 24.10.

==> Changing milestone to "24.10"

tags: added: targetmilestone-inin2410
removed: targetmilestone-inin2404
Revision history for this message
Frank Heimes (fheimes) wrote : Re: [24.04 FEAT] [VS2009] KVM: Secure IPL Simulation - libvirt part

Thanks for the heads-up!
I'll move it for now to 24.10.
I /believe/ once the development of the 'O'-release is open, we can include it into this, so that it will become SRU-able to 'N' - according to SRU policy 'Other safe cases':

"For Long Term Support releases we sometimes want to introduce new features. They must not change the behaviour on existing installations[...]. If existing software needs to be modified to make use of the new feature, it must be demonstrated that these changes are unintrusive, have a minimal regression potential, and have been tested properly. To avoid regressions on upgrade, any such feature must then also be added to any newer supported Ubuntu release. Once a new feature/package has been introduced, subsequent changes to it are subject to the usual requirements of SRUs to avoid regressions."

summary: - [24.04 FEAT] [VS2009] KVM: Secure IPL Simulation - libvirt part
+ [24.10 FEAT] [VS2009] KVM: Secure IPL Simulation - libvirt part
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.