Public bug reported:

== Comment: #0 - Viktor Mihajlovski <mihaj...@de.ibm.com> - 2022-04-07 08:55:11 ==
DigiCert is the CA issuing the signing certificate for Secure Execution host 
key documents. This certificate is used for the verification of the host key 
document validity. Recently, DigiCert has changed the root CA certificate used 
for issuance of the signing certificates.
As genprotimg is checking the CA serial, the verification of the chain of trust 
will fail. As a workaround, it is possible to disable certificate verification, 
but this is not recommended because it makes it easier to provide a fake host 
key document.
Since the previously issued host key documents are expiring in April 2022, it 
is necessary to fix genprotimg to accept the newly issued host key documents.
 
Contact Information = Viktor Mihajlovski <mihaj...@de.ibm.com>

== Comment: #2 - Viktor Mihajlovski <mihaj...@de.ibm.com> - 2022-04-07 08:57:47 ==
Fixed by:

https://github.com/ibm-s390-linux/s390-tools

commit 78b053326c504c0535b5ec1c244ad7bb5a1df29d
Author: Marc Hartmayer <mhart...@linux.ibm.com>
Date:   Thu Mar 31 14:00:31 2022 +0000

    genprotimg: remove DigiCert root CA pinning

** Affects: linux (Ubuntu)
     Importance: Undecided
     Assignee: Skipper Bug Screeners (skipper-screen-team)
         Status: New


** Tags: architecture-s39064 bugnameltc-197550 severity-high 
targetmilestone-inin---

** Tags added: architecture-s39064 bugnameltc-197550 severity-high
targetmilestone-inin---

** Changed in: ubuntu
     Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)

** Package changed: ubuntu => linux (Ubuntu)

https://bugs.launchpad.net/bugs/1968260

Title:
  [UBUNTU 20.04] genprotimg fails to process z15 host key documents
  after April 2022 (s390-tools)
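
The failure mode described in the report, as an added example that is not s390-tools code: a check pinned to one root CA's serial rejects a signing certificate issued under a rotated root, while chain validation against a trust store accepts it and still rejects a chain to a root that is not in the store. All names, subjects and serials are constructed, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Constructed demo: every name, subject and serial below is made up.
set -e
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cat > "$work/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_root NAME SERIAL: self-signed demo root CA with a fixed serial number.
make_root() {
  openssl req -x509 -config "$work/demo.cnf" -newkey rsa:2048 -nodes -days 30 \
    -set_serial "$2" -subj "/CN=Demo Root $1" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# issue_signer ROOT: signing certificate issued under the given demo root.
issue_signer() {
  openssl req -new -config "$work/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Demo signing cert" \
    -keyout "$work/signer.key" -out "$work/signer.csr" 2>/dev/null
  openssl x509 -req -in "$work/signer.csr" -CA "$work/$1.crt" \
    -CAkey "$work/$1.key" -set_serial 100 -days 30 \
    -out "$work/signer.crt" 2>/dev/null
}

serial_of() { openssl x509 -in "$1" -noout -serial | cut -d= -f2; }
# Pinned check: the root must carry the serial that was hard-coded at build time.
check_pinned() { [ "$(serial_of "$1")" = "$PINNED_SERIAL" ]; }
# Chain check: the signer must verify against a root taken from the trust store.
check_chain() { openssl verify -CAfile "$1" "$work/signer.crt" >/dev/null 2>&1; }
verdict() { if "$@"; then echo accept; else echo reject; fi; }

run_demo() {
  make_root old 1; make_root new 2      # the CA rotates from "old" to "new"
  PINNED_SERIAL=$(serial_of "$work/old.crt")
  issue_signer new                      # new documents chain to the new root
  echo "pin=$(verdict check_pinned "$work/new.crt")" \
       "chain=$(verdict check_chain "$work/new.crt")" \
       "stale_store=$(verdict check_chain "$work/old.crt")"
}
run_demo
```

The `stale_store` result shows that dropping the pin does not drop trust: a signer that does not chain to a root in the store is still rejected.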
