[Bug 1996069] Re: [UBUNTU 20.04] zipl: Add secure boot trailer (s390-tools part)

Frank Heimes 1996069 at bugs.launchpad.net
Fri Nov 25 14:41:19 UTC 2022 

** Also affects: s390-tools (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: s390-tools-signed (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: s390-tools (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: s390-tools-signed (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: s390-tools (Ubuntu Kinetic)
   Importance: Undecided
       Status: New

** Also affects: s390-tools-signed (Ubuntu Kinetic)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1996069

Title:
  [UBUNTU 20.04] zipl: Add secure boot trailer  (s390-tools part)

Status in Ubuntu on IBM z Systems:
  In Progress
Status in s390-tools package in Ubuntu:
  In Progress
Status in s390-tools-signed package in Ubuntu:
  In Progress
Status in s390-tools source package in Focal:
  New
Status in s390-tools-signed source package in Focal:
  New
Status in s390-tools source package in Jammy:
  New
Status in s390-tools-signed source package in Jammy:
  New
Status in s390-tools source package in Kinetic:
  New
Status in s390-tools-signed source package in Kinetic:
  New

Bug description:
  Description:   zipl: Add secure boot trailer

  Symptom:       Secure boot of Linux will no longer be possible with an upcoming
                 IBM Z firmware update.

  Problem:       New IBM Z firmware requires all signed boot images to contain a
                 trailing data block with a specific format.

  Solution:      Add trailing data block to the zipl stage 3 boot loader image.
  Reproduction:  Apply latest firmware, perform IPL with Secure Boot enabled.

  Fix:           Available upstream with
  Upstream-ID:   5768d55a08e163f718bd87498b9e763687ae7137

  Upstream-Description:

                zipl/boot: add secure boot trailer

                This patch enhances the zipl stage3 loader image adding a trailer as
                required for secure boot by future firmware versions.

                Note: with the change in this patch the padding via objcopy command line
                options is replaced by padding via linker script directives with the
                same effect.

                Signed-off-by: Peter Oberparleiter <oberpar at linux.ibm.com>
                Signed-off-by: Jan Hoeppner <hoeppner at linux.ibm.com>

  
  Signed-off-by: Peter Oberparleiter <oberpar at linux.ibm.com>

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1996069/+subscriptions

More information about the foundations-bugs mailing list