[Kernel-packages] [Bug 1996071] Re: [UBUNTU 20.04] boot: Add secure boot trailer
Ok, so it's actually like this ... (for focal) ** Attachment removed: "0001-s390-boot-add-secure-boot-trailer.patch" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996071/+attachment/5630383/+files/0001-s390-boot-add-secure-boot-trailer.patch ** Patch added: "0001-s390-boot-add-secure-boot-trailer.patch" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996071/+attachment/5630388/+files/0001-s390-boot-add-secure-boot-trailer.patch -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996071 Title: [UBUNTU 20.04] boot: Add secure boot trailer Status in Ubuntu on IBM z Systems: New Status in linux package in Ubuntu: Invalid Status in linux source package in Focal: New Status in linux source package in Jammy: New Status in linux source package in Kinetic: New Bug description: Description: boot: Add secure boot trailer Symptom: Secure boot of Linux will no longer be possible with an upcoming IBM Z firmware update. Problem: New IBM Z firmware requires signed bootable images to contain a trailing data block with a specific format. Solution: Add the trailing data block to the Linux kernel image. Reproduction: Apply latest firmware, perform IPL with Secure Boot enabled. Fix: available upstream with Upstream-ID: aa127a069ef312aca02b730d5137e1778d0c3ba7 Preventive:yes Date: 2022-10-27 Author:Peter Oberparleiter Component: kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1996071/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996071] Re: [UBUNTU 20.04] boot: Add secure boot trailer
Looks like we commented in parallel. Yes, backport will be helpful. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996071 Title: [UBUNTU 20.04] boot: Add secure boot trailer Status in Ubuntu on IBM z Systems: New Status in linux package in Ubuntu: Invalid Status in linux source package in Focal: New Status in linux source package in Jammy: New Status in linux source package in Kinetic: New Bug description: Description: boot: Add secure boot trailer Symptom: Secure boot of Linux will no longer be possible with an upcoming IBM Z firmware update. Problem: New IBM Z firmware requires signed bootable images to contain a trailing data block with a specific format. Solution: Add the trailing data block to the Linux kernel image. Reproduction: Apply latest firmware, perform IPL with Secure Boot enabled. Fix: available upstream with Upstream-ID: aa127a069ef312aca02b730d5137e1778d0c3ba7 Preventive:yes Date: 2022-10-27 Author:Peter Oberparleiter Component: kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1996071/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996071] Re: [UBUNTU 20.04] boot: Add secure boot trailer
In the focal master-next tree file 'vmlinux.lds.S' is at a different location:
'arch/s390/boot/compressed/' instead of 'arch/s390/boot/'
and the context is also slightly different.
Would you please have a look at the attached backport for focal and confirm
that it's correct?
Since it has this add. block:
"
. = ALIGN(256);
.bss : {
_bss = . ;
*(.bss)
*(.bss.*)
*(COMMON)
. = ALIGN(8); /* For convenience during zeroing */
_ebss = .;
}
"
Cherry-pick was fine for kinetic and jammy.
** Patch added: "0001-s390-boot-add-secure-boot-trailer.patch"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996071/+attachment/5630383/+files/0001-s390-boot-add-secure-boot-trailer.patch
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996071
Title:
[UBUNTU 20.04] boot: Add secure boot trailer
Status in Ubuntu on IBM z Systems:
New
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Focal:
New
Status in linux source package in Jammy:
New
Status in linux source package in Kinetic:
New
Bug description:
Description: boot: Add secure boot trailer
Symptom: Secure boot of Linux will no longer be possible with an
upcoming
IBM Z firmware update.
Problem: New IBM Z firmware requires signed bootable images to contain a
trailing data block with a specific format.
Solution: Add the trailing data block to the Linux kernel image.
Reproduction: Apply latest firmware, perform IPL with Secure Boot
enabled.
Fix: available upstream with
Upstream-ID: aa127a069ef312aca02b730d5137e1778d0c3ba7
Preventive:yes
Date: 2022-10-27
Author:Peter Oberparleiter
Component: kernel
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1996071/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996071] Re: [UBUNTU 20.04] boot: Add secure boot trailer
** Also affects: linux (Ubuntu Focal) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996071 Title: [UBUNTU 20.04] boot: Add secure boot trailer Status in Ubuntu on IBM z Systems: New Status in linux package in Ubuntu: Invalid Status in linux source package in Focal: New Status in linux source package in Jammy: New Status in linux source package in Kinetic: New Bug description: Description: boot: Add secure boot trailer Symptom: Secure boot of Linux will no longer be possible with an upcoming IBM Z firmware update. Problem: New IBM Z firmware requires signed bootable images to contain a trailing data block with a specific format. Solution: Add the trailing data block to the Linux kernel image. Reproduction: Apply latest firmware, perform IPL with Secure Boot enabled. Fix: available upstream with Upstream-ID: aa127a069ef312aca02b730d5137e1778d0c3ba7 Preventive:yes Date: 2022-10-27 Author:Peter Oberparleiter Component: kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1996071/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996071] Re: [UBUNTU 20.04] boot: Add secure boot trailer
So commit aa127a069ef312aca02b730d5137e1778d0c3ba7 "s390/boot: add secure boot trailer" was just upstream accepted with v6.1-rc3. And it got tagged for upstream stable with: "Cc: # 5.2+" That means that it will ideally automatically land over time in all Ubuntu kernels, down to focal's 5.4. But since this bug is marked as critical, the patch is relatively short, traceable and s390x-specific, I'll go ahead and submit this patch for Jammy and Focal ahead of upstream stable. It's planned to have kernel 6.2 in lunar (23.04), hence it will get the patch automatically when at the planned target level. ** Also affects: linux (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Kinetic) Importance: Undecided Status: New ** Changed in: linux (Ubuntu) Status: New => Invalid ** Also affects: ubuntu-z-systems Importance: Undecided Status: New ** Changed in: ubuntu-z-systems Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team) ** Changed in: linux (Ubuntu) Assignee: Skipper Bug Screeners (skipper-screen-team) => (unassigned) ** Changed in: ubuntu-z-systems Importance: Undecided => Critical -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996071 Title: [UBUNTU 20.04] boot: Add secure boot trailer Status in Ubuntu on IBM z Systems: New Status in linux package in Ubuntu: Invalid Status in linux source package in Jammy: New Status in linux source package in Kinetic: New Bug description: Description: boot: Add secure boot trailer Symptom: Secure boot of Linux will no longer be possible with an upcoming IBM Z firmware update. Problem: New IBM Z firmware requires signed bootable images to contain a trailing data block with a specific format. Solution: Add the trailing data block to the Linux kernel image. Reproduction: Apply latest firmware, perform IPL with Secure Boot enabled. Fix: available upstream with Upstream-ID: aa127a069ef312aca02b730d5137e1778d0c3ba7 Preventive:yes Date: 2022-10-27 Author:Peter Oberparleiter Component: kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1996071/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
