This bug is awaiting verification that the linux/5.15.0-43.46 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1959973 Title: [22.04 FEAT] KVM: Attestation support for Secure Execution (crypto) Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Invalid Status in linux source package in Jammy: Fix Committed Bug description: SRU Justification: ================== [Impact] * This is a hardware enablement SRU in support of IBM z15 and LinuxONE III (FC 115) secure execution feature. * It adds a misc character device to expose some Ultravisor functions to userspace. * The device is only available if the (optional) Ultravisor Facility (158) is present in the system. * Two Ultravisor calls are supported: - Query Ultravisor Information (QUI) and - Receive Attestation Measurement (Attest[ation]) * This is in support of for example. external frameworks, specific deployment models or especially potentially regulatory requirements. [Fix] * 4689752c79fa 4689752c79fa30e91b49b39a9fba93c4d1f3e20c "drivers/s390/char: Add Ultravisor io device" * eb3de2d8f78d eb3de2d8f78d893303891d879f941c47f2f2d13d "s390/uv_uapi: depend on CONFIG_S390" * patch to set kernel config option 'CONFIG_S390_UV_UAPI=y' [Test Plan] * An IBM z15 or LinuxONE III LPAR with FC 115 enabled is required. * Installation of Ubuntu Server 22.04 LTS on top. * Install a kernel that incl. the above patches/commits (that has the kernel config option 'CONFIG_S390_UV_UAPI' enabled). * Activate the kernel (reboot) and look for the existence of the uvdevice '/dev/uv'. * Use a userspace test program that makes use of the new misc device by exploiting 'ATTEST'. * Due to hardware requirements this test needs to be conducted by IBM. [Where problems could occur] * The definitions in uv_cmds_inst and uv_feat_ind could be wrong and the codes wrong or mixed up, which would lead to a broken functionality/interface. * The uvdevice header definitions could be erroneous, defining an wrong interface. * The newly added kernel options could be implemented in a wrong way, so that it doesn't enable the 'uvdevice', but unlikely. * The implementation of the device itself in 'uvdevice.c' could be broken by wrong or broken pointer arithmetics, wrong method arguments, wrong sizeof/length calculations, which - in worst case - could entirely crash a system. * The ioctl control block implementation could be wrong in a way, that it doesn't properly handle the case where the facility is not available in the system. * Entry point, copy and check routines could be wrong, allowing non-desired calls. * This is an s390x-only functionality, that is only available on IBM z15 / LinuxONE III systems and newer, and only is the optional feature 'FC 115' in place, which is limited to 'secure-execution' workloads. [Other Info] * The above commit is marked to be merged into 5.19-rc2, and since the planned target kernel for kinetic is 5.19, the SRU is not needed for kinetic. __________ KVM: Attestation support for Secure Execution (crypto) Description: Provide attestations support, e.g. for external frameworks, specific deployment models or potentially regulatory requirements. Request Type: Kernel - Enhancement from IBM Upstream Acceptance: In Progress To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1959973/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
