Message ID | 1560841387-920-1-git-send-email-frank.heimes@canonical.com |
---|---|
Headers | show |
Series | pkey: Indicate old mkvp only if old and current mkvp are different (LP: 1832625) | expand |
On 6/18/19 9:03 AM, frank.heimes@canonical.com wrote: > Buglink: https://bugs.launchpad.net/bugs/1832625 > > SRU Justification: > > [Impact] > > * 'zkey validate' shows wrong information about master key registers > > * this might lead to unsuccessful usage of pkeys, although the master key and the derived keys are correct > > [Fix] > > * ebb7c695d3bc7a4986b92edc8d9ef43491be183e ebb7c69 "pkey: Indicate old mkvp only if old and current mkvp are different" > > [Test Case] > > * set a CCA master key > > * generate a pkey > > * 'change' (or better set) the current CCA master key to the exact same master key again which is currently in use > > * execute a 'zkey validate' > > [Regression Potential] > > * The regression potential can be considered as very low since this is purely s390x specific > > * changes are limited to a single file (drivers/s390/crypto/pkey_api.c) > > * patch changes only one line (actually expands an if stmt) > > * and all this happens only in a very specific situation (in case a new master key was set, using the same key as before) > > [Other Info] > > * Problem was found during tests at IBM and is a so called 'preventive fix' > > Ingo Franzki (1): > From: Ingo Franzki <ifranzki@linux.ibm.com> > > drivers/s390/crypto/pkey_api.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > Applied to {bionic,cosmic,disco}/master-next branch. Thanks, Kleber
Buglink: https://bugs.launchpad.net/bugs/1832625 SRU Justification: [Impact] * 'zkey validate' shows wrong information about master key registers * this might lead to unsuccessful usage of pkeys, although the master key and the derived keys are correct [Fix] * ebb7c695d3bc7a4986b92edc8d9ef43491be183e ebb7c69 "pkey: Indicate old mkvp only if old and current mkvp are different" [Test Case] * set a CCA master key * generate a pkey * 'change' (or better set) the current CCA master key to the exact same master key again which is currently in use * execute a 'zkey validate' [Regression Potential] * The regression potential can be considered as very low since this is purely s390x specific * changes are limited to a single file (drivers/s390/crypto/pkey_api.c) * patch changes only one line (actually expands an if stmt) * and all this happens only in a very specific situation (in case a new master key was set, using the same key as before) [Other Info] * Problem was found during tests at IBM and is a so called 'preventive fix' Ingo Franzki (1): From: Ingo Franzki <ifranzki@linux.ibm.com> drivers/s390/crypto/pkey_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)