[Bug 1968260] [NEW] [UBUNTU 20.04] genprotimg fails to process z15 host key documents after April 2022 (s390-tools)

Launchpad Bug Tracker 1968260 at bugs.launchpad.net
Fri Apr 8 16:20:22 UTC 2022


You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):

== Comment: #0 - Viktor Mihajlovski <MIHAJLOV at de.ibm.com> - 2022-04-07 08:55:11 ==
DigiCert is the CA issuing the signing certificate for Secure Execution host key documents. This certificate is used for the verification of the host key document validity. Recently, DigiCert has changed the root CA certificate used for issuance of the signing certificates.
As genprotimg is checking the CA serial, the verification of the chain of trust will fail. As a workaround, it is possible to disable certificate verification, but this is not recommended because it makes it easier to provide a fake host key document.
Since the previously issued host key documents are expiring in April 2022, it is necessary to fix genprotimg to accept the newly issued host key documents.
 
Contact Information = Viktor Mihajlovski <mihajlov at de.ibm.com>

== Comment: #2 - Viktor Mihajlovski <MIHAJLOV at de.ibm.com> - 2022-04-07 08:57:47 ==
Fixed by:

https://github.com/ibm-s390-linux/s390-tools

commit 78b053326c504c0535b5ec1c244ad7bb5a1df29d
Author: Marc Hartmayer <mhartmay at linux.ibm.com>
Date:   Thu Mar 31 14:00:31 2022 +0000

    genprotimg: remove DigiCert root CA pinning

** Affects: ubuntu-z-systems
     Importance: High
     Assignee: Skipper Bug Screeners (skipper-screen-team)
         Status: New

** Affects: s390-tools (Ubuntu)
     Importance: Undecided
     Assignee: Skipper Bug Screeners (skipper-screen-team)
         Status: In Progress

** Affects: s390-tools-signed (Ubuntu)
     Importance: Undecided
         Status: In Progress

** Affects: s390-tools (Ubuntu Focal)
     Importance: Undecided
         Status: New

** Affects: s390-tools-signed (Ubuntu Focal)
     Importance: Undecided
         Status: New

** Affects: s390-tools (Ubuntu Impish)
     Importance: Undecided
         Status: New

** Affects: s390-tools-signed (Ubuntu Impish)
     Importance: Undecided
         Status: New

** Affects: s390-tools (Ubuntu Jammy)
     Importance: Undecided
     Assignee: Skipper Bug Screeners (skipper-screen-team)
         Status: In Progress

** Affects: s390-tools-signed (Ubuntu Jammy)
     Importance: Undecided
         Status: In Progress


** Tags: architecture-s39064 bugnameltc-197550 patch severity-high targetmilestone-inin---
-- 
[UBUNTU 20.04] genprotimg fails to process z15 host key documents after April 2022 (s390-tools)
https://bugs.launchpad.net/bugs/1968260
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
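
An added illustration of the failure described in comment #0 (not part of the bug report and not s390-tools code): with throwaway CAs built by openssl, a check pinned to the old root's serial rejects a signing certificate issued under a new root, while plain chain verification accepts it and still rejects a root that did not issue it. All names, serial numbers and the `pinned_check` logic are assumptions constructed for this demo.

```shell
#!/usr/bin/env bash
# Constructed demo with throwaway CAs; not genprotimg code and not DigiCert material.
set -eu
WORK=$(mktemp -d)

# make_root NAME SERIAL: self-signed demo root CA (NAME.key / NAME.pem)
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -set_serial "$2" \
        -subj "/CN=Demo Root $1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_signer ROOT: demo signing certificate issued by ROOT (signer.pem)
issue_signer() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Signer" \
        -keyout "$WORK/signer.key" -out "$WORK/signer.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/signer.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
        -CAcreateserial -days 30 -out "$WORK/signer.pem" 2>/dev/null
}

serial_of() { openssl x509 -in "$1" -noout -serial | cut -d= -f2; }

# chain_check ROOT: signer must chain to ROOT by signature
chain_check() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/signer.pem" >/dev/null 2>&1
}

# pinned_check ROOT: chain check plus "root serial equals the built-in value"
pinned_check() {
    chain_check "$1" && [ "$(serial_of "$WORK/$1.pem")" = "$PINNED_SERIAL" ]
}

make_root old 1001
make_root new 2002
PINNED_SERIAL=$(serial_of "$WORK/old.pem")   # value fixed when the tool was built
issue_signer new                             # the CA now issues from a different root

if pinned_check new; then echo "pinned: accepted"; else echo "pinned: rejected"; fi
if chain_check new;  then echo "chain (new root): accepted"; else echo "chain (new root): rejected"; fi
if chain_check old;  then echo "chain (wrong root): accepted"; else echo "chain (wrong root): rejected"; fi
```

The third result is the relevant one for the workaround mentioned in the report: dropping the serial pin keeps signature-chain verification in place, whereas disabling verification entirely does not.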


