GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/patches/2196069/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2196069,
    "url": "http://patchwork.ozlabs.org/api/patches/2196069/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260212204352.1044699-24-zycai@linux.ibm.com/",
    "project": {
        "id": 14,
        "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api",
        "name": "QEMU Development",
        "link_name": "qemu-devel",
        "list_id": "qemu-devel.nongnu.org",
        "list_email": "qemu-devel@nongnu.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260212204352.1044699-24-zycai@linux.ibm.com>",
    "list_archive_url": null,
    "date": "2026-02-12T20:43:44",
    "name": "[v8,23/30] Add secure-boot to s390-ccw-virtio machine type option",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "1c12f47f75d5b4a0498ccbf06ca37dc23474d6a8",
    "submitter": {
        "id": 90643,
        "url": "http://patchwork.ozlabs.org/api/people/90643/?format=api",
        "name": "Zhuoying Cai",
        "email": "zycai@linux.ibm.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260212204352.1044699-24-zycai@linux.ibm.com/mbox/",
    "series": [
        {
            "id": 492021,
            "url": "http://patchwork.ozlabs.org/api/series/492021/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=492021",
            "date": "2026-02-12T20:43:36",
            "name": "Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices",
            "version": 8,
            "mbox": "http://patchwork.ozlabs.org/series/492021/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2196069/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2196069/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256\n header.s=pp1 header.b=OV2CwxTD;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"
        ],
        "Received": [
            "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fBnP14fSZz1xpY\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 13 Feb 2026 07:45:09 +1100 (AEDT)",
            "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vqdYP-000180-Pa; Thu, 12 Feb 2026 15:44:49 -0500",
            "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <zycai@linux.ibm.com>)\n id 1vqdYN-00011n-Ez; Thu, 12 Feb 2026 15:44:47 -0500",
            "from mx0a-001b2d01.pphosted.com ([148.163.156.1])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <zycai@linux.ibm.com>)\n id 1vqdYL-00087i-Nf; Thu, 12 Feb 2026 15:44:47 -0500",
            "from pps.filterd (m0360083.ppops.net [127.0.0.1])\n by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id\n 61CDDTre3371925; Thu, 12 Feb 2026 20:44:42 GMT",
            "from ppma13.dal12v.mail.ibm.com\n (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221])\n by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4c696ur7xu-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);\n Thu, 12 Feb 2026 20:44:41 +0000 (GMT)",
            "from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1])\n by ppma13.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id\n 61CHoHeP019221;\n Thu, 12 Feb 2026 20:44:41 GMT",
            "from smtprelay07.dal12v.mail.ibm.com ([172.16.1.9])\n by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4c6hxkbywu-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);\n Thu, 12 Feb 2026 20:44:40 +0000",
            "from smtpav06.wdc07v.mail.ibm.com (smtpav06.wdc07v.mail.ibm.com\n [10.39.53.233])\n by smtprelay07.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id\n 61CKidHd15925950\n (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);\n Thu, 12 Feb 2026 20:44:39 GMT",
            "from smtpav06.wdc07v.mail.ibm.com (unknown [127.0.0.1])\n by IMSVA (Postfix) with ESMTP id 7BBE258055;\n Thu, 12 Feb 2026 20:44:39 +0000 (GMT)",
            "from smtpav06.wdc07v.mail.ibm.com (unknown [127.0.0.1])\n by IMSVA (Postfix) with ESMTP id C644758054;\n Thu, 12 Feb 2026 20:44:37 +0000 (GMT)",
            "from fedora-workstation.ibmuc.com (unknown [9.61.112.15])\n by smtpav06.wdc07v.mail.ibm.com (Postfix) with ESMTP;\n Thu, 12 Feb 2026 20:44:37 +0000 (GMT)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc\n :content-transfer-encoding:date:from:in-reply-to:message-id\n :mime-version:references:subject:to; s=pp1; bh=LW9wc+ZZc+ZsBqRYD\n 6zimuqOhpgWlVxh6LaW87Ush7c=; b=OV2CwxTDUsBo4HLQOoSamT2wfZGD8mltF\n wFRYTgNPbVHFNC0UK9LyR8MYH+5i8eV9UgPt1vy5fjL37ZpRt4ngiiq9kUVSAn4T\n RYLm3KIxPXYtgCtgd+rrp1sgJT10w+mnRASJjVIx1EUwPXDGWcxRmHQqcA+0GoIG\n o9y83ayuPz5qFOT0w48aLQZMfeNFaYZiGRaJyQHmhDHkNi+WA7aCUQlbYK4u0rZb\n HAQ7+Wg7p2qZR2cT0xLKr5/VPUiBQcDmpsK+AZhkj9eBs9+ZJKLpxepe4TSdTwce\n Pq0p5FT4HiWnXBOPijw0SZlUHGP15jlHc5NTMKdkISi9o3/6LNGWg==",
        "From": "Zhuoying Cai <zycai@linux.ibm.com>",
        "To": "thuth@redhat.com, berrange@redhat.com, richard.henderson@linaro.org,\n jrossi@linux.ibm.com, qemu-s390x@nongnu.org, qemu-devel@nongnu.org",
        "Cc": "david@kernel.org, walling@linux.ibm.com, jjherne@linux.ibm.com,\n pasic@linux.ibm.com, borntraeger@linux.ibm.com, farman@linux.ibm.com,\n mjrosato@linux.ibm.com, iii@linux.ibm.com, eblake@redhat.com,\n armbru@redhat.com, zycai@linux.ibm.com, alifm@linux.ibm.com,\n brueckner@linux.ibm.com",
        "Subject": "[PATCH v8 23/30] Add secure-boot to s390-ccw-virtio machine type\n option",
        "Date": "Thu, 12 Feb 2026 15:43:44 -0500",
        "Message-ID": "<20260212204352.1044699-24-zycai@linux.ibm.com>",
        "X-Mailer": "git-send-email 2.52.0",
        "In-Reply-To": "<20260212204352.1044699-1-zycai@linux.ibm.com>",
        "References": "<20260212204352.1044699-1-zycai@linux.ibm.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "X-TM-AS-GCONF": "00",
        "X-Authority-Analysis": "v=2.4 cv=KZnfcAYD c=1 sm=1 tr=0 ts=698e3bb9 cx=c_pps\n a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17\n a=HzLeVaNsDn8A:10 a=VkNPw1HP01LnGYTKEx00:22 a=Mpw57Om8IfrbqaoTuvik:22\n a=GgsMoib0sEa3-_RKJdDe:22 a=VnNF1IyMAAAA:8 a=20KFwNOVAAAA:8\n a=uyvjcAWwEQu1yBn7KtoA:9",
        "X-Proofpoint-Spam-Details-Enc": "AW1haW4tMjYwMjEyMDE1NyBTYWx0ZWRfX+qG+xiJVkxG7\n 71e58njKuxNbep9HB5mbUTm62VhJwQA/CAgujYBZ5rkBgGpfIPSJWm4yWBcBckaUQzMgmpmllHZ\n nzIDA0cAK/uhef22sicIYk2YczV+5qzTdsnLAT6BrWA6pzU7H7DgnhnBdqlhftKHxhevqUrFY2a\n zVq9GeU991Jcub0EbpZ8wcQFF+Oa7PuAKBvRGGmTljl2ZDioiCLu4Q+jKJt2HnSaCIrcl+4QpZr\n 9z92YMHHqOdmE1kMz6wPk36EMta6KWAAjzq310foXcdy7YAb5XOR/ahtp+v380Th/Z4/EANYHOx\n xMTDjjFcNVpVKvaxPqoiWlpQDb4SshtjUTn9rfi7kx7jSDf2Jo8zCgHmWarhptu2OZ9S8KUYFZ9\n 9KYzdE2cbblfKMTfQd670bfLC5D53HodgE3RWvNp3JRYYQJqRHVFe24y5ozayurfVDNUP0MDseB\n 9qZQblXoRqFTuTq1PbA==",
        "X-Proofpoint-ORIG-GUID": "lip62zMrRre5CYQpugdH4VxwBkQarv4-",
        "X-Proofpoint-GUID": "lip62zMrRre5CYQpugdH4VxwBkQarv4-",
        "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49\n definitions=2026-02-12_05,2026-02-12_03,2025-10-01_01",
        "X-Proofpoint-Spam-Details": "rule=outbound_notspam policy=outbound score=0\n spamscore=0 impostorscore=0 bulkscore=0 priorityscore=1501 adultscore=0\n clxscore=1015 suspectscore=0 phishscore=0 malwarescore=0 lowpriorityscore=0\n classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0\n reason=mlx scancount=1 engine=8.22.0-2601150000 definitions=main-2602120157",
        "Received-SPF": "pass client-ip=148.163.156.1; envelope-from=zycai@linux.ibm.com;\n helo=mx0a-001b2d01.pphosted.com",
        "X-Spam_score_int": "-19",
        "X-Spam_score": "-2.0",
        "X-Spam_bar": "--",
        "X-Spam_report": "(-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001,\n RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no",
        "X-Spam_action": "no action",
        "X-BeenThere": "qemu-devel@nongnu.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "qemu development <qemu-devel.nongnu.org>",
        "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>",
        "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>",
        "List-Post": "<mailto:qemu-devel@nongnu.org>",
        "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>",
        "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>",
        "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org",
        "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"
    },
    "content": "Add secure-boot as a parameter of s390-ccw-virtio machine type option.\n\nThe `secure-boot=on|off` parameter is implemented to enable secure IPL.\n\nBy default, secure-boot is set to false if not specified in\nthe command line.\n\nSigned-off-by: Zhuoying Cai <zycai@linux.ibm.com>\nReviewed-by: Thomas Huth <thuth@redhat.com>\n---\n docs/system/s390x/secure-ipl.rst   | 22 +++++++++++++++++-----\n hw/s390x/s390-virtio-ccw.c         | 22 ++++++++++++++++++++++\n include/hw/s390x/s390-virtio-ccw.h |  1 +\n qemu-options.hx                    |  6 +++++-\n 4 files changed, 45 insertions(+), 6 deletions(-)",
    "diff": "diff --git a/docs/system/s390x/secure-ipl.rst b/docs/system/s390x/secure-ipl.rst\nindex 3a19b72085..2465f8b26d 100644\n--- a/docs/system/s390x/secure-ipl.rst\n+++ b/docs/system/s390x/secure-ipl.rst\n@@ -19,19 +19,31 @@ Note: certificate files must have a .pem extension.\n \n     qemu-system-s390x -machine s390-ccw-virtio,boot-certs.0.path=/.../qemu/certs,boot-certs.1.path=/another/path/cert.pem ...\n \n+Enabling Secure IPL\n+-------------------\n+\n+Secure IPL is enabled by explicitly setting ``secure-boot=on``; if not\n+specified, secure boot is considered off.\n+\n+.. code-block:: shell\n+\n+    qemu-system-s390x -machine s390-ccw-virtio,secure-boot=on|off\n+\n \n IPL Modes\n =========\n Multiple IPL modes are available to differentiate between the various IPL\n-configurations. These modes are mutually exclusive and enabled based on the\n-``boot-certs`` option on the QEMU command line.\n+configurations. These modes are mutually exclusive and enabled based on specific\n+combinations of the ``secure-boot`` and ``boot-certs`` options on the QEMU\n+command line.\n \n Normal Mode\n -----------\n \n-The absence of certificates will attempt to IPL a guest without secure IPL\n-operations. No checks are performed, and no warnings/errors are reported.\n-This is the default mode.\n+The absence of both certificates and the ``secure-boot`` option will attempt to\n+IPL a guest without secure IPL operations. No checks are performed, and no\n+warnings/errors are reported.  This is the default mode, and can be explicitly\n+enabled with ``secure-boot=off``.\n \n Configuration:\n \ndiff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c\nindex 9267563cbe..5e902e1989 100644\n--- a/hw/s390x/s390-virtio-ccw.c\n+++ b/hw/s390x/s390-virtio-ccw.c\n@@ -820,6 +820,21 @@ static void machine_set_boot_certs(Object *obj, Visitor *v, const char *name,\n     ms->boot_certs = cert_list;\n }\n \n+static inline bool machine_get_secure_boot(Object *obj, Error **errp)\n+{\n+    S390CcwMachineState *ms = S390_CCW_MACHINE(obj);\n+\n+    return ms->secure_boot;\n+}\n+\n+static inline void machine_set_secure_boot(Object *obj, bool value,\n+                                            Error **errp)\n+{\n+    S390CcwMachineState *ms = S390_CCW_MACHINE(obj);\n+\n+    ms->secure_boot = value;\n+}\n+\n static void ccw_machine_class_init(ObjectClass *oc, const void *data)\n {\n     MachineClass *mc = MACHINE_CLASS(oc);\n@@ -878,6 +893,13 @@ static void ccw_machine_class_init(ObjectClass *oc, const void *data)\n                               machine_get_boot_certs, machine_set_boot_certs, NULL, NULL);\n     object_class_property_set_description(oc, \"boot-certs\",\n             \"provide paths to a directory and/or a certificate file for secure boot\");\n+\n+    object_class_property_add_bool(oc, \"secure-boot\",\n+                                   machine_get_secure_boot,\n+                                   machine_set_secure_boot);\n+    object_class_property_set_description(oc, \"secure-boot\",\n+            \"enable/disable secure boot\");\n+\n }\n \n static inline void s390_machine_initfn(Object *obj)\ndiff --git a/include/hw/s390x/s390-virtio-ccw.h b/include/hw/s390x/s390-virtio-ccw.h\nindex 5ad1ea2f24..93a4c0ccad 100644\n--- a/include/hw/s390x/s390-virtio-ccw.h\n+++ b/include/hw/s390x/s390-virtio-ccw.h\n@@ -29,6 +29,7 @@ struct S390CcwMachineState {\n     bool aes_key_wrap;\n     bool dea_key_wrap;\n     bool pv;\n+    bool secure_boot;\n     uint8_t loadparm[8];\n     uint64_t memory_limit;\n     uint64_t max_pagesize;\ndiff --git a/qemu-options.hx b/qemu-options.hx\nindex 7c02220a5c..95570f902f 100644\n--- a/qemu-options.hx\n+++ b/qemu-options.hx\n@@ -46,7 +46,8 @@ DEF(\"machine\", HAS_ARG, QEMU_OPTION_machine, \\\n     \"                cxl-fmw.0.targets.0=firsttarget,cxl-fmw.0.targets.1=secondtarget,cxl-fmw.0.size=size[,cxl-fmw.0.interleave-granularity=granularity]\\n\"\n     \"                sgx-epc.0.memdev=memid,sgx-epc.0.node=numaid\\n\"\n     \"                smp-cache.0.cache=cachename,smp-cache.0.topology=topologylevel\\n\"\n-    \"                boot-certs.0.path=/path/directory,boot-certs.1.path=/path/file provides paths to a directory and/or a certificate file\\n\",\n+    \"                boot-certs.0.path=/path/directory,boot-certs.1.path=/path/file provides paths to a directory and/or a certificate file\\n\"\n+    \"                secure-boot=on|off enable/disable secure boot (default=off) \\n\",\n     QEMU_ARCH_ALL)\n SRST\n ``-machine [type=]name[,prop=value[,...]]``\n@@ -213,6 +214,9 @@ SRST\n \n     ``boot-certs.0.path=/path/directory,boot-certs.1.path=/path/file``\n         Provide paths to a directory and/or a certificate file on the host [s390x only].\n+\n+    ``secure-boot=on|off``\n+        Enables or disables secure boot on s390-ccw guest. The default is off.\n ERST\n \n DEF(\"M\", HAS_ARG, QEMU_OPTION_M,\n",
    "prefixes": [
        "v8",
        "23/30"
    ]
}