[23.10 FEAT] [SEC2352] pkey: support EP11 API ordinal 6 for secure guests
Bug #2029390 reported by
bugproxy
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
Medium
|
Skipper Bug Screeners | ||
linux (Ubuntu) |
Fix Released
|
High
|
Canonical Kernel Team |
Bug Description
Secure Execution guests must use the EP11 API ordinal 6 to create (generate, unwrap, derive) secure keys which encodes a NULL PIN (no session) as a string of zero-bytes.
Therefore, the pkey module must be updated to check whether the Linux system is running as a secure guest and if so modify secure key creating requests (key(pair) gen, unwrap) to use ordinal 6 API.
tags: | added: architecture-s39064 bugnameltc-203306 severity-high targetmilestone-inin2310 |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → linux (Ubuntu) |
information type: | Private → Public |
Changed in ubuntu-z-systems: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Any details already about a potential target kernel this is going to land in? (or the commit(s)?)