This bug was fixed in the package qemu - 1:2.11+dfsg-1ubuntu7.17

---------------
qemu (1:2.11+dfsg-1ubuntu7.17) bionic; urgency=medium

  * {Ice,Cascade}Lake IA32_ARCH_CAPABILITIES support (LP: 1828495)
    Needed patch is in d/p/u/lp1828495-:
    - 0017-target-i386-add-MDS-NO-feature.patch: target/i386: add MDS-NO
      feature

qemu (1:2.11+dfsg-1ubuntu7.16) bionic; urgency=medium

  [ Christian Ehrhardt ]
  * d/p/ubuntu/lp-1830243-s390-bios-Skip-bootmap-signature-entries.patch:
    tolerate guests with secure boot loaders (LP: #1830243)

  [ Rafael David Tinoco ]
  * {Ice,Cascade}Lake CPUs + IA32_ARCH_CAPABILITIES support (LP: #1828495)
    Needed patches are in d/p/u/lp1828495-:
    - 0001-guidance-cpu-models.patch: docs: add guidance on configuring
      CPU models for x86
      + d/qemu-system-common.install: include man/man7/qemu-cpu-models.7
    - 0002-msr-new-msr-indices.patch: i386: Add new MSR indices for
      IA32_PRED_CMD and IA32_ARCH_CAPABILITIES
    - 0003-cpuid-feature-ia32-arch-capabilities.patch: i386: Add CPUID bit
      and feature words for IA32_ARCH_CAPABILITIES MSR
    - 0004-cpuid-bit-for-wbnoinvd.patch: i386: Add CPUID bit for WBNOINVD
    - 0005-new-cpu-model-for-icelake.patch: i386: Add new CPU model
      Icelake-{Server,Client}
    - 0006-update-headers-to-4.16-rc5.patch: update Linux headers to
      4.16-rc5
    - 0007-kvm-get-msr-feature-index_list.patch: kvm: Add support to
      KVM_GET_MSR_FEATURE_INDEX_LIST and
    - 0008-x86-msr-related-data-structure-changes.patch: x86: Data
      structure changes to support MSR based features
    - 0009-feature-wordS-arch-capabilities.patch: x86: define a new MSR
      based feature word -- FEATURE_WORDS_ARCH
    - 0010-use-kvm-get-msr-index-list.patch: kvm: Use
      KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support
    - 0011-disable-arch-cap-when-no-msr.patch: i386: kvm: Disable
      arch_capabilities if MSR can't be set
    - 0012-arch-capabilities-migratable.patch: i386: Make
      arch_capabilities migratable
    - 0013-cascadelake-server.patch: i386: Add new model of
      Cascadelake-Server
    - 0014-remove-cpuid-pconfig.patch: i386: remove the new CPUID
      'PCONFIG' from Icelake-Server CPU model
    - 0015-remove-cpuid-intel_pt.patch: i386: remove the 'INTEL_PT' CPUID
      bit from named CPU models
    - 0016-no-ospke-on-some.patch: i386: Disable OSPKE on CPU model
      definitions

 -- Rafael David Tinoco <rafaeldtin...@ubuntu.com>  Mon, 05 Aug 2019 19:12:08 +0000

** Changed in: qemu (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1830243

Title:
  [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu

Status in Ubuntu on IBM z Systems:
  Fix Committed
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Xenial:
  Fix Released
Status in qemu source package in Bionic:
  Fix Released
Status in qemu source package in Cosmic:
  Won't Fix
Status in qemu source package in Disco:
  Fix Released
Status in qemu source package in Eoan:
  Fix Released

Bug description:
  [Impact]

   * s390x is about to add secure boot features which are implemented by
     a new IPL section
   * Older qemu bootloaders for s390x will stumble over that IPL section
     and be unable to boot.
   * Backport the changes from upstream that make qemu tolerate those
     sections (not the new feature of secure boot, just the avoidance of
     the guest crash on boot)

  [Test Case]

   * Take a signed kernel on s390x (either the one from xnox in comment
     #19 or use signtool to create one)
   * Install that kernel in a guest of the qemu that is to be tested
   * Run zipl with --secure 1 to write a secure boot section for sure
   * With an unpatched qemu this would now fail to boot again
   * Install the update to qemu and boot the guest, by skipping the
     "tolerated, but not supported" new section it works again.

  [Regression Potential]

   * If any of the checks goes wrong we might affect booting of guests in
     a negative way. For example it might no more start or load a wrong
     kernel. But since the IPL records written by `zipl` are clearly
     specified that should hopefully not be the case here. The code added
     clearly only skips an additional section that didn't exist before.

  [Other Info]

   * n/a

  ---

  Secure boot enablement KVM.

  Will be made available with qemu 4.1