[Bug 2097533] Re: [25.04 FEAT] [VS2304] KVM: Support retrievable secrets in Secure Execution guests - s390-tools part
Frank Heimes
2097533 at bugs.launchpad.net
Thu Feb 27 08:11:43 UTC 2025
*** This bug is a duplicate of bug 2096789 ***
https://bugs.launchpad.net/bugs/2096789
** Information type changed from Private to Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2097533
Title:
[25.04 FEAT] [VS2304] KVM: Support retrievable secrets in Secure
Execution guests - s390-tools part
Status in Ubuntu on IBM z Systems:
Fix Released
Status in s390-tools package in Ubuntu:
Fix Released
Status in s390-tools-signed package in Ubuntu:
Fix Released
Bug description:
Feature Description:
For crypto passthrough, so far it was necessary to pass guest-specific
secrets (Item binding keys) to the Ultravisor to ensure that passed-
through APQNs can only be used by authorized guests. In a next step
the Ultravisor interface can be extended for generalized secrets
management (storing, listing, retrieving), e.g. for key material to
encrypt disk and network I/O. With this capability it will not be
necessary any more to store secrets in the secure image (the
initramfs) itself, which greatly simplifies image construction,
specifically of generic/vendor images and also the image update
process (e.g. kernel or initramfs security updates).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/2097533/+subscriptions
More information about the foundations-bugs
mailing list