[0/1,SRU,M/N/U] Fix secure execution regression on s390x

Message ID 20240111102852.61596-1-stefan.bader@canonical.com

Message

Stefan Bader Jan. 11, 2024, 10:28 a.m. UTC
== SRU Justification ==

Impact: To allow secure execution the S390X_UV_UAPI driver is a critical
requirement. For 22.04/Jammy LTS we backported the driver and enabled it
as built-in. It seems 22.10/Kinetic also had this enabled. But then in
later releases this option flipped back to 'n'.

Fix: Turn this back on (built-in) in the annotation file. Note, this
patch is made against Mantic. Noble and Unstable might need adjustments.

Test case (on a s390x instance):
#> cat /boot/config-$(uname -r) | grep UV_UAPI
CONFIG_S390X_UV_UAPI=y

Regression potential: If anything goes wrong, then likely within secure
execution bounds.

Stefan Bader (1):
  UBUNTU: [Config] Enable S390_UV_UAPI (built-in)

 debian.master/config/annotations | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Andrea Righi Jan. 11, 2024, 10:39 a.m. UTC | #1
On Thu, Jan 11, 2024 at 11:28:51AM +0100, Stefan Bader wrote:
> == SRU Justification ==
> 
> Impact: To allow secure execution the S390X_UV_UAPI driver is a critical
> requirement. For 22.04/Jammy LTS we backported the driver and enabled it
> as built-in. It seems 22.10/Kinetic also had this enabled. But then in
> later releases this option flipped back to 'n'.
> 
> Fix: Turn this back on (built-in) in the annotation file. Note, this
> patch is made against Mantic. Noble and Unstable might need adjustments.
> 
> Test case (on a s390x instance):
> #> cat /boot/config-$(uname -r) | grep UV_UAPI
> CONFIG_S390X_UV_UAPI=y
> 
> Regression potential: If anything goes wrong, then likely within secure
> execution bounds.

Acked-by: Andrea Righi <andrea.righi@canonical.com>

Roxana Nicolescu Jan. 11, 2024, 10:42 a.m. UTC | #2
On 11/01/2024 11:28, Stefan Bader wrote:
> == SRU Justification ==
>
> Impact: To allow secure execution the S390X_UV_UAPI driver is a critical
> requirement. For 22.04/Jammy LTS we backported the driver and enabled it
> as built-in. It seems 22.10/Kinetic also had this enabled. But then in
> later releases this option flipped back to 'n'.
>
> Fix: Turn this back on (built-in) in the annotation file. Note, this
> patch is made against Mantic. Noble and Unstable might need adjustments.
>
> Test case (on a s390x instance):
> #> cat /boot/config-$(uname -r) | grep UV_UAPI
> CONFIG_S390X_UV_UAPI=y
>
> Regression potential: If anything goes wrong, then likely within secure
> execution bounds.
>
> Stefan Bader (1):
>    UBUNTU: [Config] Enable S390_UV_UAPI (built-in)
>
>   debian.master/config/annotations | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Andrei Gherzan Jan. 11, 2024, 11:34 a.m. UTC | #3
On 24/01/11 11:28AM, Stefan Bader wrote:
> == SRU Justification ==
> 
> Impact: To allow secure execution the S390X_UV_UAPI driver is a critical
> requirement. For 22.04/Jammy LTS we backported the driver and enabled it
> as built-in. It seems 22.10/Kinetic also had this enabled. But then in
> later releases this option flipped back to 'n'.
> 
> Fix: Turn this back on (built-in) in the annotation file. Note, this
> patch is made against Mantic. Noble and Unstable might need adjustments.
> 
> Test case (on a s390x instance):
> #> cat /boot/config-$(uname -r) | grep UV_UAPI
> CONFIG_S390X_UV_UAPI=y
> 
> Regression potential: If anything goes wrong, then likely within secure
> execution bounds.
> 
> Stefan Bader (1):
>   UBUNTU: [Config] Enable S390_UV_UAPI (built-in)
> 
>  debian.master/config/annotations | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>

Roxana Nicolescu Jan. 11, 2024, 12:17 p.m. UTC | #4
On 11/01/2024 11:28, Stefan Bader wrote:
> == SRU Justification ==
>
> Impact: To allow secure execution the S390X_UV_UAPI driver is a critical
> requirement. For 22.04/Jammy LTS we backported the driver and enabled it
> as built-in. It seems 22.10/Kinetic also had this enabled. But then in
> later releases this option flipped back to 'n'.
>
> Fix: Turn this back on (built-in) in the annotation file. Note, this
> patch is made against Mantic. Noble and Unstable might need adjustments.
>
> Test case (on a s390x instance):
> #> cat /boot/config-$(uname -r) | grep UV_UAPI
> CONFIG_S390X_UV_UAPI=y
>
> Regression potential: If anything goes wrong, then likely within secure
> execution bounds.
>
> Stefan Bader (1):
>    UBUNTU: [Config] Enable S390_UV_UAPI (built-in)
>
>   debian.master/config/annotations | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
>
Applied to mantic master-next branch. Thanks!

Stefan Bader Jan. 12, 2024, 10:33 a.m. UTC | #5
On 11.01.24 11:28, Stefan Bader wrote:
> == SRU Justification ==
> 
> Impact: To allow secure execution the S390X_UV_UAPI driver is a critical
> requirement. For 22.04/Jammy LTS we backported the driver and enabled it
> as built-in. It seems 22.10/Kinetic also had this enabled. But then in
> later releases this option flipped back to 'n'.
> 
> Fix: Turn this back on (built-in) in the annotation file. Note, this
> patch is made against Mantic. Noble and Unstable might need adjustments.
> 
> Test case (on a s390x instance):
> #> cat /boot/config-$(uname -r) | grep UV_UAPI
> CONFIG_S390X_UV_UAPI=y
> 
> Regression potential: If anything goes wrong, then likely within secure
> execution bounds.
> 
> Stefan Bader (1):
>    UBUNTU: [Config] Enable S390_UV_UAPI (built-in)
> 
>   debian.master/config/annotations | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 

Applied to noble:linux/master-next by Andrea. Thanks.

-Stefan