This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-disco -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1832625 Title: [UBUNTU] pkey: Indicate old mkvp only if old and curr. mkvp are different Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: SRU Justification: ================== [Impact] * 'zkey validate' shows wrong information about master key registers * this might lead to unsuccessful usage of pkeys, although the master key and the derived keys are correct [Fix] * ebb7c695d3bc7a4986b92edc8d9ef43491be183e ebb7c69 "pkey: Indicate old mkvp only if old and current mkvp are different" [Test Case] * set a CCA master key * generate a pkey * 'change' (or better set) the current CCA master key to the exact same master key again which is currently in use * execute a 'zkey validate' [Regression Potential] * The regression potential can be considered as very low since this is purely s390x specific * changes are limited to a single file (drivers/s390/crypto/pkey_api.c) * patch changes only one line (actually expands an if stmt) * and all this happens only in a very specific situation (in case a new master key was set, using the same key as before) [Other Info] * Problem was found during tests at IBM and is a so called 'preventive fix' __________ Description: pkey: Indicate old mkvp only if old and curr. mkvp are different Symptom: zkey validate shows wrong information about master key registers Problem: When the CCA master key is set twice with the same master key, then the old and the current master key are the same and thus the verification patterns are the same, too. The check to report if a secure key is currently wrapped by the old master key erroneously reports old mkvp in this case. Solution: Fix this by checking current and old mkvp and report OLD only if current and old mkvp are different. Reproduction: Change the CCA master key but set the exact same master key that is already used. Then do a 'zkey validate' command on a secure key Component: kernel 5.1 rc1 Upstream-ID: ebb7c695d3bc7a4986b92edc8d9ef43491be183e This fix will be provided with kernel >=5.1 , will be integrate in 19.10 by default. But should also be applied to 18.04 and 19.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1832625/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
