** Description changed: + [Impact] + + * s390x is about to add secure boot features which are implemented by a + new IPL section + + * Older qemu bootloaders for s390x will stumble over that IPL section and + be unable to boot. + + * Backport the changes from upstream that make qemu tolerate those + sections (not the new feature of secure boot, just the avoidance of the + guest crash on boot) + + [Test Case] + + * Take a signed kernel on s390x (either the one from xnox in comment #19 + or use signtool to create one) + * Install that kernel in a guest of the qemu that is to be tested + * Run zipl with --secure 1 to write a secure boot section for sure + * With an unpatched qemu this would now fail to boot again + * Install the update to qemu and boot the guest, by skipping the + "tolerated, but not supported" new section it works again. + + [Regression Potential] + + * If any of the checks goes wrong we might affect booting of guests in a + negative way. For example it might no more start or load a wrong + kernel. But since the IPL records written by `zipl` are clearly + specified that should hopefully not be the case here. The code added + clearly only skips an additional section that didn't exist before. + + [Other Info] + + * n/a + + --- + Secure boot enablement KVM. Will be made available with qemu 4.1
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1830243 Title: [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1830243/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs