** Description changed:
+ SRU Justification:
+ ==================
+
+ [Impact]
+
+ * This in a hardware enablement SRU,
+ and mainly adds support for CryptoExpress 8S adapters
+ to the s390-tools package.
+
+ * With that the new options 'show_serialnumbers',
+ '--accelonly', '--ccaonly' and '--ep11only'
+ are introduced to the lszcrypt tool.
+
+ * In addition lszcrypt now supports the checkstop state
+ of a crypto card, that is provided by the 'chkstop'
+ attribute in the sysfs of newer kernels.
+
+ * And lszcrypt now shows the AP bus msg size limit capability,
+ which is needed for new adapter cards.
+
+ * New codes for zcryptstats are needed as well.
+
+ [Test Plan]
+
+ * Prepare an IBM z16 LPAR with Ubuntu 22.04 (incl. this patch)
+ that has an CryptoExpress 8S adapter attached to it
+ and at least one crypto domain online and available.
+
+ * Call 'lszcrypt -V' and check the 2nd column called 'type'
+ and the last column called 'driver'.
+
+ * If both have entries that start with "cex8..." then the new
+ CryptoExpress 8S driver is active and the new card is detected
+ and can be used (and the new features exploited).
+
+ * If the driver listed there is older than 'cex8',
+ than the new card is probably detected as an older type
+ and it runs in toleration mode only.
+
+ * Try and test the new options.
+
+ * Run zcryptstats and with that make use of the new codes
+ (which actually means add CEX8S support for zcryptstats).
+
+ * And finally extending lszcrypt's capabilities and
+ make it aware of CEX8S.
+
+ [Where problems could occur]
+
+ * The new declarations, initializations or the scan for the serial numbers
+ of the devices could fail, which would lead to a non-working
+ or even erroneous new '-s' option.
+
+ * The new filter mechanism could be broken and now incorrect
+ resources, but this would be limited to the new options
+ '--cardonly' and '--queueonly'.
+
+ * The same applies to the new options
+ '--accelonly', '--ccaonly' and '--ep11only'.
+
+ * The handling of the new chkstop state can be confusing or might be
+ broken, which may lead to wrong state representations.
+
+ * The new AP bus msg size limit mights be incorrectly calculated,
+ which leads to a wrong size and with that certain feature not to work.
+
+ * The new zcryptstats might come with wrong or mixed codes,
+ which would lead to wrong and misleading statistics,
+ or even break zcryptstats.
+
+ * Regarding the lszcrypt capability extension there is no danger
+ since an existing case statement is extended and the case content
+ reused unchanged.
+
+ * All this is s390x specific, and only affects the handling for
+ CryptoExpress 8S adapters. It won't have an impact on CPACF.
+
+ [Other Info]
+
+ * The net CEX8S support is provided by commits bcbb6fca and b16a6d4f.
+ All others can be considered as pre-requisites.
+
+ __________
+
zcrypt DD: Exploitation Support of new IBM Z Crypto Hardware -
s390-tools part
** Changed in: s390-tools (Ubuntu)
Assignee: Skipper Bug Screeners (skipper-screen-team) => Frank Heimes
(fheimes)
** Information type changed from Private to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1959548
Title:
[22.04 FEAT] zcrypt DD: Exploitation Support of new IBM Z Crypto
Hardware (s390-tools part)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1959548/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
