** Changed in: ubuntu-z-systems
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1830243
Title:
[19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu
To
This bug was fixed in the package qemu - 1:2.11+dfsg-1ubuntu7.17
---
qemu (1:2.11+dfsg-1ubuntu7.17) bionic; urgency=medium
* {Ice,Cascade}Lake IA32_ARCH_CAPABILITIES support (LP: 1828495)
Needed patch is in d/p/u/lp1828495-:
- 0017-target-i386-add-MDS-NO-feature.patch:
This bug was fixed in the package qemu - 1:3.1+dfsg-2ubuntu3.3
---
qemu (1:3.1+dfsg-2ubuntu3.3) disco; urgency=medium
[ Christian Ehrhardt ]
* d/p/ubuntu/lp-1830243-s390-bios-Skip-bootmap-signature-entries.patch:
tolerate guests with secure boot loaders (LP: #1830243)
[
Just checked on s1lp05 - this one still works as before (as expected as
we didn't change it in this fixup upload).
** Tags removed: verification-needed verification-needed-bionic
** Tags added: verification-done verification-done-bionic
--
You received this bug notification because you are a
Hello bugproxy, or anyone else affected,
Accepted qemu into bionic-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-
1ubuntu7.17 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
This bug was fixed in the package qemu - 1:2.5+dfsg-5ubuntu10.41
---
qemu (1:2.5+dfsg-5ubuntu10.41) xenial; urgency=medium
* d/p/ubuntu/lp-1830243-s390-bios-Skip-bootmap-signature-entries.patch:
tolerate guests with secure boot loaders (LP: #1830243)
-- Christian Ehrhardt
1. Installed an Eoan guest on Xenial/Bionic/Disco hosts
In the Guest
2. set secure = 1 in /etc/zipl.conf
3. unfortunately xnox refreshed his PPA and it has no pre-signed kernel anymore
:-/
I tried to follow https://ubuntu.com/blog/how-to-sign-things-for-secure-boot
in various ways,
but I
All errors are timeout errors when trying to access armhf archive:
# libvirt armhf:
The following packages will be upgraded:
apt apt-transport-https apt-utils bash binutils binutils-arm-linux-gnueabihf
binutils-common bzip2 console-setup console-setup-linux dbus debconf
debconf-i18n
I asked someone with permissions to restart those tests to check if
timeout issue is gone.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1830243
Title:
[19.10 FEAT] KVM: Secure Linux Boot
** Changed in: ubuntu-z-systems
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1830243
Title:
[19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu
To
Hello bugproxy, or anyone else affected,
Accepted qemu into bionic-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-
1ubuntu7.16 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
Hello bugproxy, or anyone else affected,
Accepted qemu into disco-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/qemu/1:3.1+dfsg-
2ubuntu3.3 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
Tags pushed and uploaded to X/B/D unapproved for the SRU Team to do a
final review and accept.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1830243
Title:
[19.10 FEAT] KVM: Secure Linux Boot
** Description changed:
+ [Impact]
+
+ * s390x is about to add secure boot features which are implemented by a
+new IPL section
+
+ * Older qemu bootloaders for s390x will stumble over that IPL section and
+be unable to boot.
+
+ * Backport the changes from upstream that make qemu
Got signed kernels from xnox in [1].
With those they zipl
Using config file '/etc/zipl.conf'
Target device information
Device..: fc:00
Partition...: fc:01
Device name.: vda
Device driver name..: virtblk
Thanks Christian, but when doing so I get:
$ cat /etc/zipl.conf
# This has been modified by the cloud image build process
[defaultboot]
default=ubuntu
[ubuntu]
target = /boot
secure = 1
image = /boot/vmlinuz
parameters = root=LABEL=cloudimg-rootfs
ramdisk = /boot/initrd.img
$ sudo zipl -V
I have access to secureboot signed zipl & kernels. I will prepare a
sample cloud-image to test boot with all the qemus.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1830243
Title:
[19.10 FEAT]
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/qemu/+git/qemu/+merge/369709
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/qemu/+git/qemu/+merge/369710
** Merge proposal linked:
Yeah lets focus on 2497b4a3 "s390-bios: Skip bootmap signature entries" here
then.
If ever "IPLing from a dasd attached via vfio-ccw" is wanted that would be an
extra bug/discussion.
Thanks Christian B. for pointing to the core change of this bug!
That way it applies as-is to 3.1, with very
I also wonder if we need secureboot toleration patches in zipl for
xenial+ (when it has no signed stage3.bin)
Specifically, it should strip secureboot signatures off kernels or
otherwise things might not boot.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
Ok, now that things are in Eoan how do we want to work on the SRUs.
Dimitri already identified quite a lot of changes on top of 3.1 in comment #5.
I can only assume that this will get worse and worse further back.
will IBM provide branches or patches for qemu 2.5, 2.11 and 3.1 or
should I give
** Changed in: ubuntu-z-systems
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1830243
Title:
[19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu
To manage
This bug was fixed in the package qemu - 1:4.0+dfsg-0ubuntu1
---
qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium
* Merge with Upstream release of qemu 4.0.
Among many other things this fixes LP Bugs:
LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
** Information type changed from Private to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1830243
Title:
[19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu
To manage notifications about
24 matches
Mail list logo
