2022-02-03 23:09:14 |
bugproxy |
bug |
|
|
added bug |
2022-02-03 23:09:16 |
bugproxy |
tags |
|
architecture-s39064 bugnameltc-196320 severity-high targetmilestone-inin2204 |
|
2022-02-03 23:09:17 |
bugproxy |
ubuntu: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2022-02-03 23:09:19 |
bugproxy |
affects |
ubuntu |
linux (Ubuntu) |
|
2022-02-03 23:09:20 |
bugproxy |
bug |
|
|
added subscriber CDE Administration |
2022-02-03 23:09:21 |
bugproxy |
bug |
|
|
added subscriber Boris Barth |
2022-02-04 07:22:27 |
Frank Heimes |
bug task added |
|
ubuntu-z-systems |
|
2022-02-04 07:22:41 |
Frank Heimes |
ubuntu-z-systems: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2022-02-04 07:22:45 |
Frank Heimes |
linux (Ubuntu): importance |
Undecided |
High |
|
2022-02-04 07:22:47 |
Frank Heimes |
ubuntu-z-systems: importance |
Undecided |
High |
|
2022-02-04 07:22:52 |
Frank Heimes |
linux (Ubuntu): status |
New |
Incomplete |
|
2022-02-04 07:22:55 |
Frank Heimes |
ubuntu-z-systems: status |
New |
Incomplete |
|
2022-06-07 14:39:31 |
bugproxy |
attachment added |
|
VS2021 upstream patch file https://bugs.launchpad.net/bugs/1959973/+attachment/5595333/+files/0001-drivers-s390-char-Add-Ultravisor-io-device.patch |
|
2022-06-07 17:28:37 |
Frank Heimes |
ubuntu-z-systems: status |
Incomplete |
New |
|
2022-06-07 17:28:39 |
Frank Heimes |
linux (Ubuntu): status |
Incomplete |
New |
|
2022-06-08 12:40:08 |
Frank Heimes |
description |
KVM: Attestation support for Secure Execution (crypto)
Description:
Provide attestation support, e.g. for external frameworks, specific deployment models or potentially regulatory requirements.
Request Type: Kernel - Enhancement from IBM
Upstream Acceptance: In Progress |
SRU Justification:
==================
[Impact]
* This is a hardware enablement SRU in support of
IBM z15 and LinuxONE III (FC 115) secure execution feature.
* It adds a misc character device to expose some Ultravisor
functions to userspace.
* The device is only available if the (optional) Ultravisor
Facility (158) is present in the system.
* Two Ultravisor calls are supported:
- Query Ultravisor Information (QUI) and
- Receive Attestation Measurement (Attest[ation])
* This is in support of, for example, external frameworks,
specific deployment models or especially
potentially regulatory requirements.
[Fix]
* 4689752c79fa 4689752c79fa30e91b49b39a9fba93c4d1f3e20c "drivers/s390/char: Add Ultravisor io device"
* eb3de2d8f78d eb3de2d8f78d893303891d879f941c47f2f2d13d "s390/uv_uapi: depend on CONFIG_S390"
* patch to set kernel config option 'CONFIG_S390_UV_UAPI=y'
[Test Plan]
* An IBM z15 or LinuxONE III LPAR with FC 115 enabled is required.
* Installation of Ubuntu Server 22.04 LTS on top.
* Install a kernel that includes the above patches/commits
(that has the kernel config option 'CONFIG_S390_UV_UAPI' enabled).
* Activate the kernel (reboot) and look for the existence of
the uvdevice '/dev/uv'.
* Use a userspace test program that makes use of the new
misc device by exploiting 'ATTEST'.
* Due to hardware requirements this test needs to be conducted by IBM.
[Where problems could occur]
* The definitions in uv_cmds_inst and uv_feat_ind could be wrong
and the codes wrong or mixed up, which would lead to a broken
functionality/interface.
* The uvdevice header definitions could be erroneous,
defining a wrong interface.
* The newly added kernel options could be implemented in a wrong way,
so that they don't enable the 'uvdevice', but this is unlikely.
* The implementation of the device itself in 'uvdevice.c' could be broken
by wrong or broken pointer arithmetic, wrong method arguments,
wrong sizeof/length calculations, which - in worst case - could entirely
crash a system.
* The ioctl control block implementation could be wrong in a way
that it doesn't properly handle the case where the facility is not
available in the system.
* Entry point, copy and check routines could be wrong,
allowing non-desired calls.
* This is an s390x-only functionality,
that is only available on IBM z15 / LinuxONE III systems and newer,
and only if the optional feature 'FC 115' is in place,
which is limited to 'secure-execution' workloads.
[Other Info]
* The above commit is marked to be merged into 5.19-rc2,
and since the planned target kernel for kinetic is
5.19, the SRU is not needed for kinetic.
__________
KVM: Attestation support for Secure Execution (crypto)
Description:
Provide attestation support, e.g. for external frameworks, specific deployment models or potentially regulatory requirements.
Request Type: Kernel - Enhancement from IBM
Upstream Acceptance: In Progress |
|
2022-06-21 10:40:56 |
Frank Heimes |
information type |
Private |
Public |
|
2022-06-21 10:41:00 |
Frank Heimes |
linux (Ubuntu): status |
New |
In Progress |
|
2022-06-21 10:41:04 |
Frank Heimes |
ubuntu-z-systems: status |
New |
In Progress |
|
2022-06-21 10:41:41 |
Frank Heimes |
nominated for series |
|
Ubuntu Jammy |
|
2022-06-21 10:41:41 |
Frank Heimes |
bug task added |
|
linux (Ubuntu Jammy) |
|
2022-06-21 10:41:51 |
Frank Heimes |
linux (Ubuntu Jammy): status |
New |
In Progress |
|
2022-06-21 10:41:55 |
Frank Heimes |
linux (Ubuntu Jammy): importance |
Undecided |
High |
|
2022-06-21 10:42:10 |
Frank Heimes |
linux (Ubuntu Jammy): assignee |
|
Canonical Kernel Team (canonical-kernel-team) |
|
2022-06-21 10:42:15 |
Frank Heimes |
linux (Ubuntu): status |
In Progress |
Invalid |
|
2022-06-21 10:42:22 |
Frank Heimes |
linux (Ubuntu): assignee |
Skipper Bug Screeners (skipper-screen-team) |
|
|
2022-07-08 14:14:07 |
Stefan Bader |
linux (Ubuntu Jammy): status |
In Progress |
Fix Committed |
|
2022-07-08 14:22:26 |
Frank Heimes |
ubuntu-z-systems: status |
In Progress |
Fix Committed |
|
2022-07-15 13:26:43 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-196320 severity-high targetmilestone-inin2204 |
architecture-s39064 bugnameltc-196320 severity-high targetmilestone-inin2204 verification-needed-jammy |
|
2022-07-18 12:09:36 |
bugproxy |
tags |
architecture-s39064 bugnameltc-196320 severity-high targetmilestone-inin2204 verification-needed-jammy |
architecture-s39064 bugnameltc-196320 severity-high targetmilestone-inin2204 verification-done-jammy |
|
2022-07-28 10:25:44 |
Launchpad Janitor |
linux (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
2022-07-28 10:25:44 |
Launchpad Janitor |
cve linked |
|
2022-1652 |
|
2022-07-28 10:25:44 |
Launchpad Janitor |
cve linked |
|
2022-1679 |
|
2022-07-28 10:25:44 |
Launchpad Janitor |
cve linked |
|
2022-28893 |
|
2022-07-28 10:25:44 |
Launchpad Janitor |
cve linked |
|
2022-34918 |
|
2022-07-28 15:57:42 |
Frank Heimes |
ubuntu-z-systems: status |
Fix Committed |
Fix Released |
|
2022-09-29 15:24:28 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-196320 severity-high targetmilestone-inin2204 verification-done-jammy |
architecture-s39064 bugnameltc-196320 severity-high targetmilestone-inin2204 verification-done-focal verification-done-jammy |
|