linux-azure: Update SGX version to version LD_1.33

Bug #1881338 reported by Marcelo Cerri on 2020-05-29
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-azure (Ubuntu)
Undecided
Marcelo Cerri
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Eoan
Undecided
Unassigned
Focal
Undecided
Unassigned
linux-azure-4.15 (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Eoan
Undecided
Unassigned
Focal
Undecided
Unassigned
linux-base (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Eoan
Undecided
Unassigned
Focal
Undecided
Unassigned

Bug Description

[Impact]

We have included the DCAP version of SGX into the linux-azure kernels in order to provide a signed version of this driver that can be used with secure boot in Azure instances.

Since a new version of this driver was released, we should update the embedded driver:

https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/LD_1.33/driver/linux

[Test Case]

- Install the new kernel on an ACC azure instance.
- Ensure the module loads properly.
- Check if ECL (provided on the azure images) is working properly.

[Regression Potential]

The changes are extensive, but both Canonical and Microsoft perform validation tests on SGX. Besides that, the change is restricted to linux-azure running on specific instances.

Marcelo Cerri (mhcerri) on 2020-05-29
Changed in linux-azure-4.15 (Ubuntu Eoan):
status: New → Invalid
Changed in linux-azure-4.15 (Ubuntu Focal):
status: New → Invalid
Marcelo Cerri (mhcerri) wrote :
Marcelo Cerri (mhcerri) wrote :
tags: added: patch
Marcelo Cerri (mhcerri) on 2020-06-09
description: updated
Marcelo Cerri (mhcerri) on 2020-06-25
Changed in linux-azure-4.15 (Ubuntu Xenial):
status: New → Invalid
Changed in linux-azure (Ubuntu Xenial):
status: New → Invalid
Marcelo Cerri (mhcerri) wrote :
Marcelo Cerri (mhcerri) wrote :
Marcelo Cerri (mhcerri) wrote :
Marcelo Cerri (mhcerri) wrote :
Changed in linux-azure (Ubuntu Bionic):
status: New → Fix Committed
Changed in linux-azure (Ubuntu Eoan):
status: New → Fix Committed
Changed in linux-azure (Ubuntu Focal):
status: New → Fix Committed
Changed in linux-azure-4.15 (Ubuntu Bionic):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-base - 4.5ubuntu4

---------------
linux-base (4.5ubuntu4) groovy; urgency=medium

  * Update SGX udev rules for version LD_1.33 (LP: #1881338).

 -- Marcelo Henrique Cerri <email address hidden> Thu, 25 Jun 2020 14:23:24 -0300

Changed in linux-base (Ubuntu):
status: New → Fix Released

Hello Marcelo, or anyone else affected,

Accepted linux-base into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu3.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in linux-base (Ubuntu Focal):
status: New → Fix Committed
Changed in linux-base (Ubuntu Eoan):
status: New → Fix Committed
Andy Whitcroft (apw) wrote :

Hello Marcelo, or anyone else affected,

Accepted linux-base into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu2.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in linux-base (Ubuntu Bionic):
status: New → Fix Committed
Andy Whitcroft (apw) wrote :

Hello Marcelo, or anyone else affected,

Accepted linux-base into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in linux-base (Ubuntu Xenial):
status: New → Fix Committed
Andy Whitcroft (apw) wrote :

Hello Marcelo, or anyone else affected,

Accepted linux-base into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-base/4.5ubuntu1.2~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted linux-base (4.5ubuntu2.2) for eoan have finished running.
The following regressions have been reported in tests triggered by the package:

makedumpfile/1:1.6.6-2ubuntu2.1 (ppc64el, i386)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/eoan/update_excuses.html#linux-base

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted linux-base (4.5ubuntu1.2) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

linux-hwe-5.0/5.0.0-53.57~18.04.1 (armhf)
makedumpfile/1:1.6.5-1ubuntu1~18.04.5 (ppc64el)
linux-hwe-5.4/5.4.0-40.44~18.04.1 (armhf)
linux-raspi2-5.3/5.3.0-1028.30~18.04.2 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-base

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Marcelo Cerri (mhcerri) wrote :

I've tested linux-base-sgx (also updating linux-base) on focal, eoan, bionic and xenial and the udev rules are working as intended. I also got positive confirmation from our partners that tested this new version.

Marcelo Cerri (mhcerri) wrote :

I've tested linux-base-sgx (also updating linux-base) on focal, eoan, bionic and xenial and the udev rules are working as intended. I also got positive confirmation from our partners that tested this new version.

Versions tested:

bionic: 4.5ubuntu1.2
xenial: 4.5ubuntu1.2~16.04.1
eoan: 4.5ubuntu2.2
focal: 4.5ubuntu3.1

Marcelo Cerri (mhcerri) wrote :

The regressions reported by Ubuntu SRU Bot for Focal and Eoan are not related to the new version of linux-base and they seem to be timeouts. I re-triggered them for now.

Marcelo Cerri (mhcerri) on 2020-06-29
tags: added: verification-done-bionic verification-done-eoan verification-done-focal verification-done-xenial
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers