Chaning "linux (Ubuntu)" to Fix Released, since the patch got upstream
accepted with kernel 5.1 and in between kernel 5.2 landed in Eoan's
release pocket.
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1832625
Title:
[UBUNTU] pkey: Indicate old mkvp only if old and curr. mkvp are
different
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in linux source package in Cosmic:
Fix Committed
Status in linux source package in Disco:
Fix Committed
Bug description:
SRU Justification:
==================
[Impact]
* 'zkey validate' shows wrong information about master key registers
* this might lead to unsuccessful usage of pkeys, although the master
key and the derived keys are correct
[Fix]
* ebb7c695d3bc7a4986b92edc8d9ef43491be183e ebb7c69 "pkey: Indicate old
mkvp only if old and current mkvp are different"
[Test Case]
* set a CCA master key
* generate a pkey
* 'change' (or better set) the current CCA master key to the exact
same master key again which is currently in use
* execute a 'zkey validate'
[Regression Potential]
* The regression potential can be considered as very low since this is
purely s390x specific
* changes are limited to a single file
(drivers/s390/crypto/pkey_api.c)
* patch changes only one line (actually expands an if stmt)
* and all this happens only in a very specific situation (in case a
new master key was set, using the same key as before)
[Other Info]
* Problem was found during tests at IBM and is a so called 'preventive
fix'
__________
Description: pkey: Indicate old mkvp only if old and curr. mkvp are
different
Symptom: zkey validate shows wrong information about master key
registers
Problem: When the CCA master key is set twice with the same master key,
then the old and the current master key are the same and thus
the verification patterns are the same, too. The check to
report
if a secure key is currently wrapped by the old master key
erroneously reports old mkvp in this case.
Solution: Fix this by checking current and old mkvp and report OLD only
if
current and old mkvp are different.
Reproduction: Change the CCA master key but set the exact same master
key that is already used. Then do a 'zkey validate' command on a
secure key
Component: kernel 5.1 rc1
Upstream-ID: ebb7c695d3bc7a4986b92edc8d9ef43491be183e
This fix will be provided with kernel >=5.1 , will be integrate in 19.10 by
default.
But should also be applied to 18.04 and 19.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1832625/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
