From 30a2108bed49e94467d5d20858060f3730be5bc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= Date: Thu, 30 Jan 2025 10:33:34 +0100 Subject: [PATCH] - pvimg/genprotimg: Fix confidential dump support (RHEL-76912) - Resolves: RHEL-76912 --- s390utils-2.36.0-rhel.patch | 259 ++++++++++++++++++++---------------- s390utils.spec | 6 +- 2 files changed, 153 insertions(+), 112 deletions(-) diff --git a/s390utils-2.36.0-rhel.patch b/s390utils-2.36.0-rhel.patch index af086c4..cf9e69b 100644 --- a/s390utils-2.36.0-rhel.patch +++ b/s390utils-2.36.0-rhel.patch @@ -1,7 +1,7 @@ From c0c76b5735daa9690be297335d21181a70eaaded Mon Sep 17 00:00:00 2001 From: Eduard Shishkin Date: Mon, 16 Dec 2024 13:55:52 +0100 -Subject: [PATCH 01/31] zipl/src: Fix incorrect installation of zipl_helper.md +Subject: [PATCH 01/32] zipl/src: Fix incorrect installation of zipl_helper.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -41,14 +41,14 @@ index 7927974..39489e2 100644 clean: rm -f *.o $(zipl_helpers) $(chreipl_helpers) zipl zipl-editenv -- -2.47.1 +2.48.1 -From cd32b1c9ebc8d7efa955efd15ba7261e7b7fd083 Mon Sep 17 00:00:00 2001 +From aa82786e8fff07bdbfb762a61c3adbb54974fc9f Mon Sep 17 00:00:00 2001 From: Niklas Schnelle Date: Fri, 6 Dec 2024 15:28:08 +0100 -Subject: [PATCH 02/31] opticsmon: Fix runaway loop in on_link_change() - (RHEL-24153) +Subject: [PATCH 02/32] opticsmon: Fix runaway loop in on_link_change() + (RHEL-50024) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -111,14 +111,14 @@ index c2f355e..50dd8d7 100644 } -- -2.47.1 +2.48.1 -From 95f31c8471f9e6f353afca7da42bc3042472aa5d Mon Sep 17 00:00:00 2001 +From e5273d80532f577c6444f2237d5e9682d1edd503 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle Date: Mon, 9 Dec 2024 15:08:03 +0100 -Subject: [PATCH 03/31] libzpci: opticsmon: Refactor on_link_change() using new - zpci_find_by_netdev() (RHEL-24153) +Subject: [PATCH 03/32] libzpci: opticsmon: Refactor on_link_change() using new + zpci_find_by_netdev() (RHEL-50024) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -245,14 +245,14 @@ index 50dd8d7..7ecaa12 100644 #define MAX_EVENTS 8 -- -2.47.1 +2.48.1 -From 95277a7eac2391196e39548221c551b79dcbd77a Mon Sep 17 00:00:00 2001 +From eb05326c2b94059b2478e6796c74c24fa386f82a Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Wed, 11 Dec 2024 19:25:59 +0100 -Subject: [PATCH 04/31] rust/pvimg: Add '--(enable|disable)-image-encryption' - flags to 'pvimg create' (RHEL-70851) +Subject: [PATCH 04/32] rust/pvimg: Add '--(enable|disable)-image-encryption' + flags to 'pvimg create' (RHEL-70853) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -584,14 +584,14 @@ index b696d79..475d352 100644 if opt.no_component_check { warn!("The component check is turned off!"); -- -2.47.1 +2.48.1 -From 0bc601307846a7cdd667355dbae21c877d603e50 Mon Sep 17 00:00:00 2001 +From 186ee4569a78f72d59734a91489753bfebe40c4d Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Thu, 12 Dec 2024 20:19:55 +0100 -Subject: [PATCH 05/31] rust/pvimg/man: Document command line option aliases in - the manpages (RHEL-72022) +Subject: [PATCH 05/32] rust/pvimg/man: Document command line option aliases in + the manpages (RHEL-72023) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -652,14 +652,14 @@ index dae1cf1..6670704 100644 Use the content of FILE as a raw binary Linux kernel. The Linux kernel must be a raw binary s390x Linux kernel. The ELF format is not supported. -- -2.47.1 +2.48.1 -From 840452df23ebe54db82e8d0cf94352bddb758ed4 Mon Sep 17 00:00:00 2001 +From c8c8a569275df94ad5a24116238fa87df0b2d81a Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Thu, 12 Dec 2024 20:19:56 +0100 -Subject: [PATCH 06/31] rust/pvimg: Add '--cck ' command line option and - make '--comm-key' an alias (RHEL-72022) +Subject: [PATCH 06/32] rust/pvimg: Add '--cck ' command line option and + make '--comm-key' an alias (RHEL-72023) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -842,14 +842,14 @@ index 475d352..cc754a1 100644 if plaintext_flags.is_set(PcfV1::NoComponentEncryption) { -- -2.47.1 +2.48.1 -From 2a9d164010c0eaa6098083062ac0cdcb9be84b78 Mon Sep 17 00:00:00 2001 +From 9bf20b8a0cae953765952bd17fd1c7c14c0cafca Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Wed, 8 Jan 2025 12:33:05 +0100 -Subject: [PATCH 07/31] rust/pvimg: Document the change from '--comm-key' to - '--cck' in the help message (RHEL-72022) +Subject: [PATCH 07/32] rust/pvimg: Document the change from '--comm-key' to + '--cck' in the help message (RHEL-72023) This fixes problems when users search for '--comm-key' in the help message. @@ -879,14 +879,14 @@ index e622e1d..3e09a40 100644 pub cck: Option, -- -2.47.1 +2.48.1 -From fa2dcf81a6c002192f351040ff68f8d60370e93c Mon Sep 17 00:00:00 2001 +From 57e374d57c1994a33b662ab64df4253c4ded9e42 Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Fri, 6 Dec 2024 20:45:36 +0100 -Subject: [PATCH 08/31] rust/pvimg: Fix possible 'range start index out of - range for slice' error (RHEL-71821) +Subject: [PATCH 08/32] rust/pvimg: Fix possible 'range start index out of + range for slice' error (RHEL-71819) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -942,14 +942,14 @@ index f7ae1bc..ac3a2e6 100644 + } +} -- -2.47.1 +2.48.1 -From 979b4bad1653a7b897a43e8fe7ee393de77fc4e4 Mon Sep 17 00:00:00 2001 +From 651a5772fbf187a41ab3a8d6e3586c9e64f78753 Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Tue, 17 Dec 2024 12:20:30 +0100 -Subject: [PATCH 09/31] pvimg: Add '--hdr-key' command line option to 'pvimg - create' (RHEL-71821) +Subject: [PATCH 09/32] pvimg: Add '--hdr-key' command line option to 'pvimg + create' (RHEL-71819) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -1189,13 +1189,13 @@ index cc754a1..3e2ca65 100644 if plaintext_flags.is_set(PcfV1::NoComponentEncryption) { -- -2.47.1 +2.48.1 -From 9155c5e49a8fff05d479ddc81d8d25e819278803 Mon Sep 17 00:00:00 2001 +From bcae1bc89ed03f9a72500bd35fac0d1bd8835314 Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Wed, 18 Dec 2024 13:41:13 +0100 -Subject: [PATCH 10/31] rust/utils: mkdtemp: fix memory leak (RHEL-71821) +Subject: [PATCH 10/32] rust/utils: mkdtemp: fix memory leak (RHEL-71819) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -1245,14 +1245,14 @@ index 07acdba..883d558 100644 let path = std::path::PathBuf::from(path); -- -2.47.1 +2.48.1 -From e412cecd6ad9be261b17cf9ad64b786c7da58e4f Mon Sep 17 00:00:00 2001 +From 5731e64b117e6a4f869420accfd061401cbae1fc Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Tue, 17 Dec 2024 11:58:01 +0100 -Subject: [PATCH 11/31] rust/pvimg: Add upper estimates for the Secure - Execution header (RHEL-71821) +Subject: [PATCH 11/32] rust/pvimg: Add upper estimates for the Secure + Execution header (RHEL-71819) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -1584,14 +1584,14 @@ index b0ec355..c6ed956 100644 let iv = self.iv(); let tag = self.tag(); -- -2.47.1 +2.48.1 -From 1617c8482e0846a3afb4af2772011e4621442f58 Mon Sep 17 00:00:00 2001 +From edd5a9221b816a0902fbdfcbdf81e112216e7343 Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Tue, 17 Dec 2024 18:13:31 +0100 -Subject: [PATCH 12/31] pvimg: info: Rename '--key' into '--hdr-key' and use - '--key' as an alias (RHEL-71821) +Subject: [PATCH 12/32] pvimg: info: Rename '--key' into '--hdr-key' and use + '--key' as an alias (RHEL-71819) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -1690,13 +1690,13 @@ index 1ced054..2f593cf 100644 SymKey::try_from_data(hdr.key_type(), read_file(key_path, "Reading key")?.into())?; serde_json::to_writer_pretty(&mut output, &hdr.decrypt(&key)?)?; -- -2.47.1 +2.48.1 -From 78b388c1613724270ec34cef28b7be181f5e0db5 Mon Sep 17 00:00:00 2001 +From 8c77aa4332f4d0927ae95c4d9cfe2ad01637b845 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Thu, 18 Jul 2024 10:55:45 +0200 -Subject: [PATCH 13/31] rust/pvsecret: Refactor writing secret (RHEL-46894) +Subject: [PATCH 13/32] rust/pvsecret: Refactor writing secret (RHEL-50019) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -1842,14 +1842,14 @@ index 808b29e..9251c38 100644 Ok(()) } -- -2.47.1 +2.48.1 -From a5d58d0e6fd5d90ef12956ee7354a3f43d17f2ea Mon Sep 17 00:00:00 2001 +From b609941712792b9bc9f6636b05ea61dc7495a9d6 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Tue, 5 Mar 2024 10:46:29 +0100 -Subject: [PATCH 14/31] rust/pv: Support for writing data in PEM format - (RHEL-46894) +Subject: [PATCH 14/32] rust/pv: Support for writing data in PEM format + (RHEL-50019) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -2315,14 +2315,14 @@ index 0000000..e646251 + } +} -- -2.47.1 +2.48.1 -From 0f2055ca030a868e43e6076cba5cc9cc1277241c Mon Sep 17 00:00:00 2001 +From dc03ce51c588e0e08dbc160705107022a037e877 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Tue, 20 Feb 2024 14:50:47 +0100 -Subject: [PATCH 15/31] rust/pv_core: Update ffi.rs to linux/uvdevice.h v6.13 - (RHEL-46894) +Subject: [PATCH 15/32] rust/pv_core: Update ffi.rs to linux/uvdevice.h v6.13 + (RHEL-50019) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -2378,13 +2378,13 @@ index bbcc586..3d9998d 100644 /// Uvdevice IOCTL control block /// Programs can use this struct to communicate with the uvdevice via IOCTLs -- -2.47.1 +2.48.1 -From ad6a20789e0b02bdfe1d7a685b897639fc298c2f Mon Sep 17 00:00:00 2001 +From 5f858a87b24f6edb02bf21c6ea64ae97d52fa4e2 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Tue, 5 Mar 2024 11:56:57 +0100 -Subject: [PATCH 16/31] rust/pv_core: Retrieve Secret UVC (RHEL-46894) +Subject: [PATCH 16/32] rust/pv_core: Retrieve Secret UVC (RHEL-50019) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -2587,14 +2587,14 @@ index d20928b..0a8af50 100644 impl Display for SecretEntry { -- -2.47.1 +2.48.1 -From cf2fe8bed95ca8b6513d02a85b83504a68a2584b Mon Sep 17 00:00:00 2001 +From 983a6a46a142c60372d7580cd9d915d8b1f129a8 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Tue, 5 Mar 2024 12:16:44 +0100 -Subject: [PATCH 17/31] rust/pv_core: Support for listing Retrievable Secrets - (RHEL-46894) +Subject: [PATCH 17/32] rust/pv_core: Support for listing Retrievable Secrets + (RHEL-50019) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -3303,13 +3303,13 @@ index 0a8af50..4e95501 100644 + } } -- -2.47.1 +2.48.1 -From 67480b7219b711226352257bd2690448d9521c06 Mon Sep 17 00:00:00 2001 +From 19cfcdd3ba84cafaf0a66da79ea569a16ef125a1 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Tue, 5 Mar 2024 12:19:22 +0100 -Subject: [PATCH 18/31] rust/pv: Retrievable secrets support (RHEL-46894) +Subject: [PATCH 18/32] rust/pv: Retrievable secrets support (RHEL-50019) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -4185,13 +4185,13 @@ index 0000000..5fad016 + } +} -- -2.47.1 +2.48.1 -From ce872d9b3104209d2a8bee32fcc1b1f2f2e0e2ad Mon Sep 17 00:00:00 2001 +From 7e141f007ec9d5c80151ca41965e172d1001e6c2 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Fri, 13 Dec 2024 15:04:02 +0100 -Subject: [PATCH 19/31] rust/pvsecret: Improve CLI (RHEL-46894) +Subject: [PATCH 19/32] rust/pvsecret: Improve CLI (RHEL-50019) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -4285,14 +4285,14 @@ index 6deaaeb..c4b9f2b 100644 /// List all ultravisor secrets (s390x only). -- -2.47.1 +2.48.1 -From 1c97c4569b0521896927547d0c9581d7808f3905 Mon Sep 17 00:00:00 2001 +From 2682f1d8312e0e025f5857c750b5db76d8494b82 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Mon, 19 Feb 2024 15:15:16 +0100 -Subject: [PATCH 20/31] rust/pvsecret: Add support for retrievable secrets - (RHEL-46894) +Subject: [PATCH 20/32] rust/pvsecret: Add support for retrievable secrets + (RHEL-50019) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -4714,13 +4714,13 @@ index 502a6ea..883a3ee 100644 match res { -- -2.47.1 +2.48.1 -From bb6654ed02453ccd5bb87ca9938f06214351fe22 Mon Sep 17 00:00:00 2001 +From ce68ab33f157a2c0ba795a49178f8dda09cbc531 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Wed, 12 Jun 2024 16:23:31 +0200 -Subject: [PATCH 21/31] rust/pv_core: Refactor secret list (RHEL-46894) +Subject: [PATCH 21/32] rust/pv_core: Refactor secret list (RHEL-50019) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -5032,13 +5032,13 @@ index 4e95501..d7c268c 100644 ) } -- -2.47.1 +2.48.1 -From 6f5bd4d347f81b077b838ec907bd53d061680392 Mon Sep 17 00:00:00 2001 +From ad5bc2204a5a9dd6e1c7f99ba782786eafab15b8 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Wed, 12 Jun 2024 16:35:15 +0200 -Subject: [PATCH 22/31] rust/pv*: Support longer secret lists (RHEL-46894) +Subject: [PATCH 22/32] rust/pv*: Support longer secret lists (RHEL-50019) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -5148,14 +5148,14 @@ index 0bd9eca..56294ca 100644 } -- -2.47.1 +2.48.1 -From 0036b024950309a2953a3375daaa3b046c360a9b Mon Sep 17 00:00:00 2001 +From 775f21569bb9b581037102888ee11adf6f7ab82a Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Mon, 5 Aug 2024 09:34:47 +0200 -Subject: [PATCH 23/31] rust/pv*: Allow the use of non-hashes secret IDs - (RHEL-46894) +Subject: [PATCH 23/32] rust/pv*: Allow the use of non-hashes secret IDs + (RHEL-50019) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -5541,13 +5541,13 @@ index 7f7704c..ad3e91c 100644 let retr_secret = -- -2.47.1 +2.48.1 -From cd2f4deb6e180adf0f09afe808a05bab5e4526c3 Mon Sep 17 00:00:00 2001 +From 266c7a076596bf3f5cf05ed7f03504c6b51e53fa Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Tue, 22 Oct 2024 17:53:17 +0200 -Subject: [PATCH 24/31] rust/pvsecret: Update manuals and README (RHEL-46894) +Subject: [PATCH 24/32] rust/pvsecret: Update manuals and README (RHEL-50019) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -6753,14 +6753,14 @@ index b2a1d0f..e8cb132 100644 -\fBpvsecret-create\fR(1) \fBpvsecret-add\fR(1) \fBpvsecret-lock\fR(1) \fBpvsecret-list\fR(1) \fBpvsecret-verify\fR(1) +\fBpvsecret-create\fR(1) \fBpvsecret-add\fR(1) \fBpvsecret-lock\fR(1) \fBpvsecret-list\fR(1) \fBpvsecret-verify\fR(1) \fBpvsecret-retrieve\fR(1) -- -2.47.1 +2.48.1 -From 2f531935c1dab94336e6e197d9fdb9bcb54ff9ad Mon Sep 17 00:00:00 2001 +From 470a396a39f890e0098af7dc3fb78977fa5e0386 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Thu, 15 Feb 2024 09:08:43 +0100 -Subject: [PATCH 25/31] zkey: Add support for retrieving a list of ultravisor - secrets (RHEL-23870) +Subject: [PATCH 25/32] zkey: Add support for retrieving a list of ultravisor + secrets (RHEL-50010) Add functions to interface with the ultravisor device (/dev/uv) when running in a secure execution guest to retrieve a list of available @@ -7058,13 +7058,13 @@ index 0000000..2667e85 + +#endif -- -2.47.1 +2.48.1 -From 99bd7f51d41763cc7135169a90f12f4a7df3d3f2 Mon Sep 17 00:00:00 2001 +From 87406fcdcee389bce8a502720d188ce679e33e37 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Thu, 15 Feb 2024 11:22:04 +0100 -Subject: [PATCH 26/31] zkey: Add the 'pvsecrets list' command (RHEL-23870) +Subject: [PATCH 26/32] zkey: Add the 'pvsecrets list' command (RHEL-50010) The 'pvsecrets list' command lists the available protected virtualization secrets. By default, only those pvsecret types are listed, that can be used @@ -7886,13 +7886,13 @@ index 7c909ff..adc48d6 100644 keystore_free(g.keystore); if (g.kms_options != NULL) -- -2.47.1 +2.48.1 -From 3b4fce7cdd079732235da5e01033497752963360 Mon Sep 17 00:00:00 2001 +From fca9ad17955150fe4f2ab13e05077f99bf01e08c Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Thu, 15 Feb 2024 16:56:04 +0100 -Subject: [PATCH 27/31] zkey: Add PVSECRETS-AES key type (RHEL-23870) +Subject: [PATCH 27/32] zkey: Add PVSECRETS-AES key type (RHEL-50010) Add the definitions and utility functions for the PVSECRETS-AES key type. A PVSECRETS-AES key token contains the secret id of a protected @@ -8231,13 +8231,13 @@ index 6acebfd..ad84403 100644 struct uvio_list_secret_entry { -- -2.47.1 +2.48.1 -From 77a419bf5b575f09c7958bc5656cf1e0039be115 Mon Sep 17 00:00:00 2001 +From 19f64cb8200302b892288aae814adf4724dc3709 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Thu, 15 Feb 2024 15:14:04 +0100 -Subject: [PATCH 28/31] zkey: Add the 'pvsecrets import' command (RHEL-23870) +Subject: [PATCH 28/32] zkey: Add the 'pvsecrets import' command (RHEL-50010) The 'pvsecrets import' command imports a protected virtualization secret into the zkey key repository. Like other key import or key generation @@ -9020,14 +9020,14 @@ index adc48d6..6e9b32a 100644 * Opens the keystore. The keystore directory is either the * default directory or as specified in an environment variable -- -2.47.1 +2.48.1 -From b20ebd7b65190b261aee21fcfcbd659d5951f9f4 Mon Sep 17 00:00:00 2001 +From 653feaf3fc9b65689945adce6210c23446ef5fc7 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Mon, 19 Feb 2024 10:21:06 +0100 -Subject: [PATCH 29/31] zkey: Reject key generation and APQN association for - PVSECRET-AES keys (RHEL-23870) +Subject: [PATCH 29/32] zkey: Reject key generation and APQN association for + PVSECRET-AES keys (RHEL-50010) Keys of type PVSECRET-AES can not be generated using 'zkey generate'. Furthermore, APQNs can not be associated with keys of type PVSECRET-AES @@ -9162,14 +9162,14 @@ index 6e9b32a..36bdbcc 100644 if (g.volumes != NULL) { warnx("Option '--volumes|-l' is not valid for " -- -2.47.1 +2.48.1 -From 9a1bfa5a9977eef50956d588b736392aa2242578 Mon Sep 17 00:00:00 2001 +From 8eac49d0091a4e07fc82048f6c30d2ef5edaa46c Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Mon, 19 Feb 2024 11:26:41 +0100 -Subject: [PATCH 30/31] zkey: Reject re-enciphering of PVSECRET-AES keys - (RHEL-23870) +Subject: [PATCH 30/32] zkey: Reject re-enciphering of PVSECRET-AES keys + (RHEL-50010) Keys of type PVSECRET-AES can not be reenciphered using 'zkey reencipher' or 'zkey-cryptsetup reencipher'. Reject that with a proper error message. @@ -9313,14 +9313,14 @@ index 36bdbcc..90b4610 100644 &is_old_mk, NULL, g.verbose); if (rc != 0) { -- -2.47.1 +2.48.1 -From 48ab37947ccda570e98aa046f2c28c11fdd59bdf Mon Sep 17 00:00:00 2001 +From bc40f08c3ce8bb6a9bf12336505ca49714382ee2 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Mon, 19 Feb 2024 10:25:54 +0100 -Subject: [PATCH 31/31] zkey: Support validation of key of type PVSECRET-AES - (RHEL-23870) +Subject: [PATCH 31/32] zkey: Support validation of key of type PVSECRET-AES + (RHEL-50010) Keys of type PVSECRET-AES can also be verified via the pkey IOCTL PKEY_VERIFYKEY2, but the card and domain fields must be zero, because such @@ -9726,5 +9726,42 @@ index 90b4610..39a527c 100644 out: -- -2.47.1 +2.48.1 + + +From 526ff818dcf7b976d801ee5f5c1eb63f5f4256b5 Mon Sep 17 00:00:00 2001 +From: Jakob Naucke +Date: Wed, 15 Jan 2025 17:36:01 +0100 +Subject: [PATCH 32/32] rust/pvimg: Fix flag parsing for allowing dump + (RHEL-76912) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Parsing of pvimg flags did not pick up allowing dumping correctly. + +Fixes: f4cf4ae6ebb1 (rust: Add a new tool called 'pvimg') +Reviewed-by: Marc Hartmayer +Signed-off-by: Jakob Naucke +Signed-off-by: Jan Höppner +(cherry picked from commit caaf2b2116235d282c2561f0bf6f62b0033c78c4) +--- + rust/pvimg/src/cmd/create.rs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rust/pvimg/src/cmd/create.rs b/rust/pvimg/src/cmd/create.rs +index 3e2ca65..c9d3974 100644 +--- a/rust/pvimg/src/cmd/create.rs ++++ b/rust/pvimg/src/cmd/create.rs +@@ -55,7 +55,7 @@ fn parse_flags( + .and(Some(PcfV1::all_disabled([PcfV1::AllowDumping]))), + lf.enable_dump + .filter(|x| *x) +- .and(Some(PcfV1::all_disabled([PcfV1::AllowDumping]))), ++ .and(Some(PcfV1::all_enabled([PcfV1::AllowDumping]))), + lf.disable_pckmo + .filter(|x| *x) + .and(Some(PcfV1::all_disabled([ +-- +2.48.1 diff --git a/s390utils.spec b/s390utils.spec index 702386d..1db8a7a 100644 --- a/s390utils.spec +++ b/s390utils.spec @@ -15,7 +15,7 @@ Name: s390utils Summary: Utilities and daemons for IBM z Systems Version: 2.36.0 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 2 License: MIT URL: https://github.com/ibm-s390-linux/s390-tools @@ -1085,6 +1085,10 @@ User-space development files for the s390/s390x architecture. %changelog +* Thu Jan 30 2025 Dan Horák - 2:2.36.0-2 +- pvimg/genprotimg: Fix confidential dump support (RHEL-76912) +- Resolves: RHEL-76912 + * Fri Jan 17 2025 Dan Horák - 2:2.36.0-1 - rebased to 2.36.0 (RHEL-50026) - cpacfinfo: new tool to provide CPACF information (RHEL-50020)