[Bug 1959548] Re: [22.04 FEAT] zcrypt DD: Exploitation Support of new IBM Z Crypto Hardware (s390-tools part)
Frank Heimes
1959548 at bugs.launchpad.net
Wed May 25 09:10:03 UTC 2022
** Description changed:
SRU Justification:
==================
[Impact]
- * This in a hardware enablement SRU,
- and mainly adds support for CryptoExpress 8S adapters
- to the s390-tools package.
+ * This in a hardware enablement SRU,
+ and mainly adds support for CryptoExpress 8S adapters
+ to the s390-tools package.
- * With that the new options 'show_serialnumbers',
- '--accelonly', '--ccaonly' and '--ep11only'
- are introduced to the lszcrypt tool.
+ * With that the new options 'show_serialnumbers',
+ '--accelonly', '--ccaonly' and '--ep11only'
+ are introduced to the lszcrypt tool.
- * In addition lszcrypt now supports the checkstop state
- of a crypto card, that is provided by the 'chkstop'
- attribute in the sysfs of newer kernels.
+ * In addition lszcrypt now supports the checkstop state
+ of a crypto card, that is provided by the 'chkstop'
+ attribute in the sysfs of newer kernels.
- * And lszcrypt now shows the AP bus msg size limit capability,
- which is needed for new adapter cards.
+ * And lszcrypt now shows the AP bus msg size limit capability,
+ which is needed for new adapter cards.
- * New codes for zcryptstats are needed as well.
+ * New codes for zcryptstats are needed as well.
[Test Plan]
- * Prepare an IBM z16 LPAR with Ubuntu 22.04 (incl. this patch)
- that has an CryptoExpress 8S adapter attached to it
- and at least one crypto domain online and available.
+ * Prepare an IBM z16 LPAR with Ubuntu 22.04 (incl. this patch)
+ that has an CryptoExpress 8S adapter attached to it
+ and at least one crypto domain online and available.
- * Call 'lszcrypt -V' and check the 2nd column called 'type'
- and the last column called 'driver'.
+ * Call 'lszcrypt -V' and check the 2nd column called 'type'
+ and the last column called 'driver'.
- * If both have entries that start with "cex8..." then the new
- CryptoExpress 8S driver is active and the new card is detected
- and can be used (and the new features exploited).
+ * If both have entries that start with "cex8..." then the new
+ CryptoExpress 8S driver is active and the new card is detected
+ and can be used (and the new features exploited).
- * If the driver listed there is older than 'cex8',
- than the new card is probably detected as an older type
- and it runs in toleration mode only.
+ * If the driver listed there is older than 'cex8',
+ than the new card is probably detected as an older type
+ and it runs in toleration mode only.
- * Try and test the new options.
+ * Try and test the new options.
- * Run zcryptstats and with that make use of the new codes
- (which actually means add CEX8S support for zcryptstats).
+ * Run zcryptstats and with that make use of the new codes
+ (which actually means add CEX8S support for zcryptstats).
- * And finally extending lszcrypt's capabilities and
- make it aware of CEX8S.
+ * And finally extending lszcrypt's capabilities and
+ make it aware of CEX8S.
[Where problems could occur]
- * The new declarations, initializations or the scan for the serial numbers
- of the devices could fail, which would lead to a non-working
- or even erroneous new '-s' option.
+ * The new declarations, initializations or the scan for the serial numbers
+ of the devices could fail, which would lead to a non-working
+ or even erroneous new '-s' option.
- * The new filter mechanism could be broken and now incorrect
- resources, but this would be limited to the new options
- '--cardonly' and '--queueonly'.
+ * The new filter mechanism could be broken and now incorrect
+ resources, but this would be limited to the new options
+ '--cardonly' and '--queueonly'.
- * The same applies to the new options
- '--accelonly', '--ccaonly' and '--ep11only'.
+ * The same applies to the new options
+ '--accelonly', '--ccaonly' and '--ep11only'.
- * The handling of the new chkstop state can be confusing or might be
- broken, which may lead to wrong state representations.
+ * The handling of the new chkstop state can be confusing or might be
+ broken, which may lead to wrong state representations.
- * The new AP bus msg size limit mights be incorrectly calculated,
- which leads to a wrong size and with that certain feature not to work.
+ * The new AP bus msg size limit mights be incorrectly calculated,
+ which leads to a wrong size and with that certain feature not to work.
- * The new zcryptstats might come with wrong or mixed codes,
- which would lead to wrong and misleading statistics,
- or even break zcryptstats.
+ * The new zcryptstats might come with wrong or mixed codes,
+ which would lead to wrong and misleading statistics,
+ or even break zcryptstats.
- * Regarding the lszcrypt capability extension there is no danger
- since an existing case statement is extended and the case content
- reused unchanged.
+ * Regarding the lszcrypt capability extension there is no danger
+ since an existing case statement is extended and the case content
+ reused unchanged.
- * All this is s390x specific, and only affects the handling for
- CryptoExpress 8S adapters. It won't have an impact on CPACF.
-
- [Other Info]
-
- * The net CEX8S support is provided by commits bcbb6fca and b16a6d4f.
- All others can be considered as pre-requisites.
+ * All this is s390x specific, and only affects the handling for
+ CryptoExpress 8S adapters. It won't have an impact on CPACF.
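Review bot: the last removed block drops the [Other Info] section, and with it the only statement of which commits provide the net CEX8S support (bcbb6fca and b16a6d4f) and which are pre-requisites; none of the added lines replaces it. If the removal is intended, the description should say where that commit list now lives, otherwise those two lines should be restored so an SRU reviewer can map the justification to the changes. Separately, [Where problems could occur] refers to '-s', '--cardonly' and '--queueonly', while [Impact] lists only 'show_serialnumbers', '--accelonly', '--ccaonly' and '--ep11only'; the two sections should name the same set of options.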
__________
zcrypt DD: Exploitation Support of new IBM Z Crypto Hardware -
s390-tools part
--
https://bugs.launchpad.net/bugs/1959548
Title:
[22.04 FEAT] zcrypt DD: Exploitation Support of new IBM Z Crypto
Hardware (s390-tools part)
Status in Ubuntu on IBM z Systems:
Incomplete
Status in s390-tools package in Ubuntu:
Incomplete
Status in s390-tools-signed package in Ubuntu:
Incomplete
Bug description:
SRU Justification:
==================
[Impact]
* This is a hardware enablement SRU,
and mainly adds support for CryptoExpress 8S adapters
to the s390-tools package.
* With that the new options 'show_serialnumbers',
'--accelonly', '--ccaonly' and '--ep11only'
are introduced to the lszcrypt tool.
* In addition lszcrypt now supports the checkstop state
of a crypto card, that is provided by the 'chkstop'
attribute in the sysfs of newer kernels.
* And lszcrypt now shows the AP bus msg size limit capability,
which is needed for new adapter cards.
* New codes for zcryptstats are needed as well.
[Test Plan]
* Prepare an IBM z16 LPAR with Ubuntu 22.04 (incl. this patch)
that has a CryptoExpress 8S adapter attached to it
and at least one crypto domain online and available.
* Call 'lszcrypt -V' and check the 2nd column called 'type'
and the last column called 'driver'.
* If both have entries that start with "cex8..." then the new
CryptoExpress 8S driver is active and the new card is detected
and can be used (and the new features exploited).
* If the driver listed there is older than 'cex8',
then the new card is probably detected as an older type
and it runs in toleration mode only.
* Try and test the new options.
* Run zcryptstats and with that make use of the new codes
(which actually means add CEX8S support for zcryptstats).
* And finally extending lszcrypt's capabilities and
make it aware of CEX8S.
[Where problems could occur]
* The new declarations, initializations or the scan for the serial numbers
of the devices could fail, which would lead to a non-working
or even erroneous new '-s' option.
* The new filter mechanism could be broken and now incorrect
resources, but this would be limited to the new options
'--cardonly' and '--queueonly'.
* The same applies to the new options
'--accelonly', '--ccaonly' and '--ep11only'.
* The handling of the new chkstop state can be confusing or might be
broken, which may lead to wrong state representations.
* The new AP bus msg size limit might be incorrectly calculated,
which leads to a wrong size and, with that, certain features not working.
* The new zcryptstats might come with wrong or mixed codes,
which would lead to wrong and misleading statistics,
or even break zcryptstats.
* Regarding the lszcrypt capability extension there is no danger
since an existing case statement is extended and the case content
reused unchanged.
* All this is s390x specific, and only affects the handling for
CryptoExpress 8S adapters. It won't have an impact on CPACF.
__________
zcrypt DD: Exploitation Support of new IBM Z Crypto Hardware -
s390-tools part