Public bug reported: == Comment: #0 - Viktor Mihajlovski <mihaj...@de.ibm.com> - 2022-04-07 08:55:11 == DigiCert is the CA issuing the signing certificate for Secure Execution host key documents. This certificate is used for the verification of the host key document validity. Recently, DigiCert has changed the root CA certificate used for issuance of the signing certificates. As genprotimg is checking the CA serial, the verification of the chain of trust will fail. As a workaround, it is possible to disable certificate verification, but this is not recommended because it makes it easier to provide a fake host key document. Since the previously issued host key documents are expiring in April 2022, it is necessary to fix genprotimg to accept the newly issued host key documents. Contact Information = Viktor Mihajlovski <mihaj...@de.ibm.com>
== Comment: #2 - Viktor Mihajlovski <mihaj...@de.ibm.com> - 2022-04-07 08:57:47 == Fixed by: https://github.com/ibm-s390-linux/s390-tools commit 78b053326c504c0535b5ec1c244ad7bb5a1df29d Author: Marc Hartmayer <mhart...@linux.ibm.com> Date: Thu Mar 31 14:00:31 2022 +0000 genprotimg: remove DigiCert root CA pinning ** Affects: linux (Ubuntu) Importance: Undecided Assignee: Skipper Bug Screeners (skipper-screen-team) Status: New ** Tags: architecture-s39064 bugnameltc-197550 severity-high targetmilestone-inin--- ** Tags added: architecture-s39064 bugnameltc-197550 severity-high targetmilestone-inin--- ** Changed in: ubuntu Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team) ** Package changed: ubuntu => linux (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968260 Title: [UBUNTU 20.04] genprotimg fails to process z15 host key documents after April 2022 (s390-tools) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1968260/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs