[Bug 1959548] Re: [22.04 FEAT] zcrypt DD: Exploitation Support of new IBM Z Crypto Hardware (s390-tools part)

Łukasz Zemczak 1959548 at bugs.launchpad.net
Thu Jun 23 10:30:16 UTC 2022 

Hello bugproxy, or anyone else affected,

Accepted s390-tools into jammy-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/s390-tools/2.20.0-0ubuntu3.1 in a
few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
jammy to verification-done-jammy. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-jammy. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: s390-tools (Ubuntu Jammy)
       Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-jammy

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1959548

Title:
  [22.04 FEAT] zcrypt DD: Exploitation Support of new IBM Z Crypto
  Hardware (s390-tools part)

Status in Ubuntu on IBM z Systems:
  Fix Committed
Status in s390-tools package in Ubuntu:
  Fix Released
Status in s390-tools-signed package in Ubuntu:
  Fix Committed
Status in s390-tools source package in Jammy:
  Fix Committed
Status in s390-tools-signed source package in Jammy:
  In Progress
Status in s390-tools source package in Kinetic:
  Fix Released
Status in s390-tools-signed source package in Kinetic:
  Fix Committed

Bug description:
  SRU Justification:
  ==================

  [Impact]

   * This in a hardware enablement SRU,
     and mainly adds support for CryptoExpress 8S adapters
     to the s390-tools package.

   * With that the new options 'show_serialnumbers',
     '--accelonly', '--ccaonly' and '--ep11only'
     are introduced to the lszcrypt tool.

   * In addition lszcrypt now supports the checkstop state
     of a crypto card, that is provided by the 'chkstop'
     attribute in the sysfs of newer kernels.

   * And lszcrypt now shows the AP bus msg size limit capability,
     which is needed for new adapter cards.

   * New codes for zcryptstats are needed as well.

  [Test Plan]

   * Prepare an IBM z16 LPAR with Ubuntu 22.04 (incl. this patch)
     that has an CryptoExpress 8S adapter attached to it
     and at least one crypto domain online and available.

   * Call 'lszcrypt -V' and check the 2nd column called 'type'
     and the last column called 'driver'.

   * If both have entries that start with "cex8..." then the new
     CryptoExpress 8S driver is active and the new card is detected
     and can be used (and the new features exploited).

   * If the driver listed there is older than 'cex8',
     than the new card is probably detected as an older type
     and it runs in toleration mode only.

   * Try and test the new options.

   * Run zcryptstats and with that make use of the new codes
     (which actually means add CEX8S support for zcryptstats).

   * And finally extending lszcrypt's capabilities and
     make it aware of CEX8S.

  [Where problems could occur]

   * The new declarations, initializations or the scan for the serial numbers
     of the devices could fail, which would lead to a non-working
     or even erroneous new '-s' option.

   * The new filter mechanism could be broken and now incorrect
     resources, but this would be limited to the new options
     '--cardonly' and '--queueonly'.

   * The same applies to the new options
     '--accelonly', '--ccaonly' and '--ep11only'.

   * The handling of the new chkstop state can be confusing or might be
     broken, which may lead to wrong state representations.

   * The new AP bus msg size limit mights be incorrectly calculated,
     which leads to a wrong size and with that certain feature not to work.

   * The new zcryptstats might come with wrong or mixed codes,
     which would lead to wrong and misleading statistics,
     or even break zcryptstats.

   * Regarding the lszcrypt capability extension there is no danger
     since an existing case statement is extended and the case content
     reused unchanged.

   * All this is s390x specific, and only affects the handling for
     CryptoExpress 8S adapters. It won't have an impact on CPACF.

  __________

  zcrypt DD: Exploitation Support of new IBM Z Crypto Hardware -
  s390-tools part

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1959548/+subscriptions

More information about the foundations-bugs mailing list