GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/1.2/patches/2233198/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2233198,
    "url": "http://patchwork.ozlabs.org/api/1.2/patches/2233198/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260505201905.997996-26-zycai@linux.ibm.com/",
    "project": {
        "id": 14,
        "url": "http://patchwork.ozlabs.org/api/1.2/projects/14/?format=api",
        "name": "QEMU Development",
        "link_name": "qemu-devel",
        "list_id": "qemu-devel.nongnu.org",
        "list_email": "qemu-devel@nongnu.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260505201905.997996-26-zycai@linux.ibm.com>",
    "list_archive_url": null,
    "date": "2026-05-05T20:18:57",
    "name": "[v11,25/32] Add secure-boot to s390-ccw-virtio machine type option",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "348acf4c428d2d51b50c5d333a0ec35e4356ebf3",
    "submitter": {
        "id": 90643,
        "url": "http://patchwork.ozlabs.org/api/1.2/people/90643/?format=api",
        "name": "Zhuoying Cai",
        "email": "zycai@linux.ibm.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260505201905.997996-26-zycai@linux.ibm.com/mbox/",
    "series": [
        {
            "id": 502896,
            "url": "http://patchwork.ozlabs.org/api/1.2/series/502896/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=502896",
            "date": "2026-05-05T20:18:37",
            "name": "Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices",
            "version": 11,
            "mbox": "http://patchwork.ozlabs.org/series/502896/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2233198/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2233198/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256\n header.s=pp1 header.b=NP1NybIL;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"
        ],
        "Received": [
            "from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g990y0k29z1yJx\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 06 May 2026 06:22:26 +1000 (AEST)",
            "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1wKMFc-0000SU-1B; Tue, 05 May 2026 16:20:16 -0400",
            "from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <zycai@linux.ibm.com>)\n id 1wKMFN-00085u-P1; Tue, 05 May 2026 16:20:05 -0400",
            "from mx0a-001b2d01.pphosted.com ([148.163.156.1])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <zycai@linux.ibm.com>)\n id 1wKMFL-0000Ka-HW; Tue, 05 May 2026 16:20:01 -0400",
            "from pps.filterd (m0356517.ppops.net [127.0.0.1])\n by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id\n 645IUffX2236368; Tue, 5 May 2026 20:19:56 GMT",
            "from ppma23.wdc07v.mail.ibm.com\n (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93])\n by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4dw9y1dm8e-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);\n Tue, 05 May 2026 20:19:55 +0000 (GMT)",
            "from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1])\n by ppma23.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id\n 645K9U1A026693;\n Tue, 5 May 2026 20:19:54 GMT",
            "from smtprelay02.dal12v.mail.ibm.com ([172.16.1.4])\n by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4dww3h38m0-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);\n Tue, 05 May 2026 20:19:54 +0000 (GMT)",
            "from smtpav02.wdc07v.mail.ibm.com (smtpav02.wdc07v.mail.ibm.com\n [10.39.53.229])\n by smtprelay02.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id\n 645KJrev25100940\n (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);\n Tue, 5 May 2026 20:19:53 GMT",
            "from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1])\n by IMSVA (Postfix) with ESMTP id E121A58060;\n Tue,  5 May 2026 20:19:52 +0000 (GMT)",
            "from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1])\n by IMSVA (Postfix) with ESMTP id 3AB8558059;\n Tue,  5 May 2026 20:19:51 +0000 (GMT)",
            "from fedora-workstation.pok.ibm.com (unknown [9.12.79.241])\n by smtpav02.wdc07v.mail.ibm.com (Postfix) with ESMTP;\n Tue,  5 May 2026 20:19:51 +0000 (GMT)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc\n :content-transfer-encoding:date:from:in-reply-to:message-id\n :mime-version:references:subject:to; s=pp1; bh=xcYZRMw3kwKTUihKV\n L3CgoXnRLyJwXGjKT0mGBoPo5Y=; b=NP1NybILPM64NOhdaonp9rCCYrlAfy5yM\n 4W5UNxkrXdTdFQ5OFK1F9Bobd9VmqRp0SF+F7uDv6B23dTyO8oIHXkZaaie8nbWn\n y9l4VMMI6gY8EJwlGuiIOWVi6FiCgQAyxQnWCj1teS4bi+cBLaERiDutybdT2G8L\n xJDpQKIo5gRtPFKGEL8ZjfIQTBvky8jpHXqbwYGzmoHd6l23JIaXlxpTmu2Ipub+\n 45wqQABQCIgbpQ3ZIEEbRELIq2AKLpb2un/VMUDILr/bUYmkviOX8CY1d3Zw0Bsp\n vTGhkxd/GMCiVK2GtcBFm/mRSHSickf3a37gdcG3A88iBVO0EJisg==",
        "From": "Zhuoying Cai <zycai@linux.ibm.com>",
        "To": "qemu-s390x@nongnu.org, qemu-devel@nongnu.org",
        "Cc": "jrossi@linux.ibm.com, cohuck@redhat.com, berrange@redhat.com,\n richard.henderson@linaro.org, david@kernel.org, walling@linux.ibm.com,\n jjherne@linux.ibm.com, pasic@linux.ibm.com, borntraeger@linux.ibm.com,\n farman@linux.ibm.com, mjrosato@linux.ibm.com, iii@linux.ibm.com,\n eblake@redhat.com, armbru@redhat.com, zycai@linux.ibm.com,\n alifm@linux.ibm.com, brueckner@linux.ibm.com,\n pierrick.bouvier@oss.qualcomm.com, jdaley@linux.ibm.com",
        "Subject": "[PATCH v11 25/32] Add secure-boot to s390-ccw-virtio machine type\n option",
        "Date": "Tue,  5 May 2026 16:18:57 -0400",
        "Message-ID": "<20260505201905.997996-26-zycai@linux.ibm.com>",
        "X-Mailer": "git-send-email 2.54.0",
        "In-Reply-To": "<20260505201905.997996-1-zycai@linux.ibm.com>",
        "References": "<20260505201905.997996-1-zycai@linux.ibm.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "X-TM-AS-GCONF": "00",
        "X-Proofpoint-ORIG-GUID": "-Yn7LhDSmYyV5OiyfTjWlrWJBEOi6rpB",
        "X-Proofpoint-GUID": "-Yn7LhDSmYyV5OiyfTjWlrWJBEOi6rpB",
        "X-Proofpoint-Spam-Details-Enc": "AW1haW4tMjYwNTA1MDE5NSBTYWx0ZWRfX8AqPXKPkobWW\n 41ioDpGczy3ZSvvP0zqqNvJJcwhmYVv9ohj+IkUWOIyeJBQ5FlnmOg/TX0abELkixqmUj5pK980\n ZN+j+rVmPTY5GB1NtJcw7qwPQEtj9PdDFfU0DZKdsdr27jNEabYP+I/8hP4wpeufd5uofj7GV2m\n etqI0Yov1w6jmcw4xNYGEhyEnBfHwfjh9fv5CwqVQqzP9IxOl+IlWMOdAU8nAzdzC4KHkS9POc0\n FsRjvLIopZE/i7YGlyetVv2ZwQzs6cqW/x/NDTOtmyLe/wGI0ClzvgWiaKw2661x6F3eIxx/YyD\n Nh+Ee8/f0pRwceSlqC0NIGo846p9II8NmcnS4nyRWomGYYmwU1mwEBkwxKgbp8sd0og2o+bYso3\n ABPULYqm62XO0TD7GPHvn65ZuuSz2Sl0GhGbJTSjKRtVW67eo9ZMK4FE0+UtF+n/aBhfHpjgdeu\n jLrASIj3LAcywrrAH6Q==",
        "X-Authority-Analysis": "v=2.4 cv=UbFhjqSN c=1 sm=1 tr=0 ts=69fa50eb cx=c_pps\n a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17\n a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22\n a=U7nrCbtTmkRpXpFmAIza:22 a=VnNF1IyMAAAA:8 a=20KFwNOVAAAA:8\n a=uyvjcAWwEQu1yBn7KtoA:9",
        "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49\n definitions=2026-05-05_02,2026-04-30_02,2025-10-01_01",
        "X-Proofpoint-Spam-Details": "rule=outbound_notspam policy=outbound score=0\n clxscore=1015 spamscore=0 lowpriorityscore=0 malwarescore=0 suspectscore=0\n adultscore=0 priorityscore=1501 bulkscore=0 phishscore=0 impostorscore=0\n classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0\n reason=mlx scancount=1 engine=8.22.0-2604200000 definitions=main-2605050195",
        "Received-SPF": "pass client-ip=148.163.156.1; envelope-from=zycai@linux.ibm.com;\n helo=mx0a-001b2d01.pphosted.com",
        "X-Spam_score_int": "-26",
        "X-Spam_score": "-2.7",
        "X-Spam_bar": "--",
        "X-Spam_report": "(-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7,\n RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no",
        "X-Spam_action": "no action",
        "X-BeenThere": "qemu-devel@nongnu.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "qemu development <qemu-devel.nongnu.org>",
        "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>",
        "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>",
        "List-Post": "<mailto:qemu-devel@nongnu.org>",
        "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>",
        "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>",
        "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org",
        "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"
    },
    "content": "Add secure-boot as a parameter of s390-ccw-virtio machine type option.\n\nThe `secure-boot=on|off` parameter is implemented to enable secure IPL.\n\nBy default, secure-boot is set to false if not specified in\nthe command line.\n\nSigned-off-by: Zhuoying Cai <zycai@linux.ibm.com>\nReviewed-by: Thomas Huth <thuth@redhat.com>\n---\n docs/system/s390x/secure-ipl.rst   | 22 +++++++++++++++++-----\n hw/s390x/s390-virtio-ccw.c         | 22 ++++++++++++++++++++++\n include/hw/s390x/s390-virtio-ccw.h |  1 +\n qemu-options.hx                    |  6 +++++-\n 4 files changed, 45 insertions(+), 6 deletions(-)",
    "diff": "diff --git a/docs/system/s390x/secure-ipl.rst b/docs/system/s390x/secure-ipl.rst\nindex cf6ccf5d57..9e3955f8fc 100644\n--- a/docs/system/s390x/secure-ipl.rst\n+++ b/docs/system/s390x/secure-ipl.rst\n@@ -19,20 +19,32 @@ Note: certificate files must have a .pem extension.\n \n     qemu-system-s390x -machine s390-ccw-virtio,boot-certs.0.path=/.../qemu/certs,boot-certs.1.path=/another/path/cert.pem ...\n \n+Enabling Secure IPL\n+^^^^^^^^^^^^^^^^^^^\n+\n+Secure IPL is enabled by explicitly setting ``secure-boot=on``; if not\n+specified, secure boot is considered off.\n+\n+.. code-block:: shell\n+\n+    qemu-system-s390x -machine s390-ccw-virtio,secure-boot=on|off\n+\n \n IPL Modes\n ---------\n \n Multiple IPL modes are available to differentiate between the various IPL\n-configurations. These modes are mutually exclusive and enabled based on the\n-``boot-certs`` option on the QEMU command line.\n+configurations. These modes are mutually exclusive and enabled based on specific\n+combinations of the ``secure-boot`` and ``boot-certs`` options on the QEMU\n+command line.\n \n Normal Mode\n ^^^^^^^^^^^\n \n-The absence of certificates will attempt to IPL a guest without secure IPL\n-operations. No checks are performed, and no warnings/errors are reported.\n-This is the default mode.\n+The absence of both certificates and the ``secure-boot`` option will attempt to\n+IPL a guest without secure IPL operations. No checks are performed, and no\n+warnings/errors are reported.  This is the default mode, and can be explicitly\n+enabled with ``secure-boot=off``.\n \n Configuration:\n \ndiff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c\nindex 39adb69cfd..4f429a72ac 100644\n--- a/hw/s390x/s390-virtio-ccw.c\n+++ b/hw/s390x/s390-virtio-ccw.c\n@@ -813,6 +813,21 @@ static void machine_set_boot_certs(Object *obj, Visitor *v, const char *name,\n     ms->boot_certs = cert_list;\n }\n \n+static inline bool machine_get_secure_boot(Object *obj, Error **errp)\n+{\n+    S390CcwMachineState *ms = S390_CCW_MACHINE(obj);\n+\n+    return ms->secure_boot;\n+}\n+\n+static inline void machine_set_secure_boot(Object *obj, bool value,\n+                                            Error **errp)\n+{\n+    S390CcwMachineState *ms = S390_CCW_MACHINE(obj);\n+\n+    ms->secure_boot = value;\n+}\n+\n  /*\n   * S390x-specific global compatibility properties.\n   *\n@@ -886,6 +901,13 @@ static void ccw_machine_class_init(ObjectClass *oc, const void *data)\n                               machine_get_boot_certs, machine_set_boot_certs, NULL, NULL);\n     object_class_property_set_description(oc, \"boot-certs\",\n             \"provide paths to a directory and/or a certificate file for secure boot\");\n+\n+    object_class_property_add_bool(oc, \"secure-boot\",\n+                                   machine_get_secure_boot,\n+                                   machine_set_secure_boot);\n+    object_class_property_set_description(oc, \"secure-boot\",\n+            \"enable/disable secure boot\");\n+\n }\n \n static inline void s390_machine_initfn(Object *obj)\ndiff --git a/include/hw/s390x/s390-virtio-ccw.h b/include/hw/s390x/s390-virtio-ccw.h\nindex 5ad1ea2f24..93a4c0ccad 100644\n--- a/include/hw/s390x/s390-virtio-ccw.h\n+++ b/include/hw/s390x/s390-virtio-ccw.h\n@@ -29,6 +29,7 @@ struct S390CcwMachineState {\n     bool aes_key_wrap;\n     bool dea_key_wrap;\n     bool pv;\n+    bool secure_boot;\n     uint8_t loadparm[8];\n     uint64_t memory_limit;\n     uint64_t max_pagesize;\ndiff --git a/qemu-options.hx b/qemu-options.hx\nindex 7f97a0d07e..342c913c30 100644\n--- a/qemu-options.hx\n+++ b/qemu-options.hx\n@@ -46,7 +46,8 @@ DEF(\"machine\", HAS_ARG, QEMU_OPTION_machine, \\\n     \"                cxl-fmw.0.targets.0=firsttarget,cxl-fmw.0.targets.1=secondtarget,cxl-fmw.0.size=size[,cxl-fmw.0.interleave-granularity=granularity]\\n\"\n     \"                sgx-epc.0.memdev=memid,sgx-epc.0.node=numaid\\n\"\n     \"                smp-cache.0.cache=cachename,smp-cache.0.topology=topologylevel\\n\"\n-    \"                boot-certs.0.path=/path/directory,boot-certs.1.path=/path/file provides paths to a directory and/or a certificate file\\n\",\n+    \"                boot-certs.0.path=/path/directory,boot-certs.1.path=/path/file provides paths to a directory and/or a certificate file\\n\"\n+    \"                secure-boot=on|off enable/disable secure boot (default=off) \\n\",\n     QEMU_ARCH_ALL)\n SRST\n ``-machine [type=]name[,prop=value[,...]]``\n@@ -213,6 +214,9 @@ SRST\n \n     ``boot-certs.0.path=/path/directory,boot-certs.1.path=/path/file``\n         Provide paths to a directory and/or a certificate file on the host [s390x only].\n+\n+    ``secure-boot=on|off``\n+        Enables or disables secure boot on s390-ccw guest. The default is off.\n ERST\n \n DEF(\"M\", HAS_ARG, QEMU_OPTION_M,\n",
    "prefixes": [
        "v11",
        "25/32"
    ]
}