From a67d93c443881894f815640e1332c78def45258a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= Date: Thu, 30 Jan 2025 10:30:11 +0100 Subject: [PATCH] - pvimg/genprotimg: Fix confidential dump support (RHEL-76913) - Resolves: RHEL-76913 --- s390utils-2.36.0-rhel.patch | 161 ++++++++++++++++++++++-------------- s390utils.spec | 6 +- 2 files changed, 104 insertions(+), 63 deletions(-) diff --git a/s390utils-2.36.0-rhel.patch b/s390utils-2.36.0-rhel.patch index af086c4..79da50b 100644 --- a/s390utils-2.36.0-rhel.patch +++ b/s390utils-2.36.0-rhel.patch @@ -1,7 +1,7 @@ From c0c76b5735daa9690be297335d21181a70eaaded Mon Sep 17 00:00:00 2001 From: Eduard Shishkin Date: Mon, 16 Dec 2024 13:55:52 +0100 -Subject: [PATCH 01/31] zipl/src: Fix incorrect installation of zipl_helper.md +Subject: [PATCH 01/32] zipl/src: Fix incorrect installation of zipl_helper.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -41,13 +41,13 @@ index 7927974..39489e2 100644 clean: rm -f *.o $(zipl_helpers) $(chreipl_helpers) zipl zipl-editenv -- -2.47.1 +2.48.1 From cd32b1c9ebc8d7efa955efd15ba7261e7b7fd083 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle Date: Fri, 6 Dec 2024 15:28:08 +0100 -Subject: [PATCH 02/31] opticsmon: Fix runaway loop in on_link_change() +Subject: [PATCH 02/32] opticsmon: Fix runaway loop in on_link_change() (RHEL-24153) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -111,13 +111,13 @@ index c2f355e..50dd8d7 100644 } -- -2.47.1 +2.48.1 From 95f31c8471f9e6f353afca7da42bc3042472aa5d Mon Sep 17 00:00:00 2001 From: Niklas Schnelle Date: Mon, 9 Dec 2024 15:08:03 +0100 -Subject: [PATCH 03/31] libzpci: opticsmon: Refactor on_link_change() using new +Subject: [PATCH 03/32] libzpci: opticsmon: Refactor on_link_change() using new zpci_find_by_netdev() (RHEL-24153) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -245,13 +245,13 @@ index 50dd8d7..7ecaa12 100644 #define MAX_EVENTS 8 -- -2.47.1 +2.48.1 
From 95277a7eac2391196e39548221c551b79dcbd77a Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Wed, 11 Dec 2024 19:25:59 +0100 -Subject: [PATCH 04/31] rust/pvimg: Add '--(enable|disable)-image-encryption' +Subject: [PATCH 04/32] rust/pvimg: Add '--(enable|disable)-image-encryption' flags to 'pvimg create' (RHEL-70851) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -584,13 +584,13 @@ index b696d79..475d352 100644 if opt.no_component_check { warn!("The component check is turned off!"); -- -2.47.1 +2.48.1 From 0bc601307846a7cdd667355dbae21c877d603e50 Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Thu, 12 Dec 2024 20:19:55 +0100 -Subject: [PATCH 05/31] rust/pvimg/man: Document command line option aliases in +Subject: [PATCH 05/32] rust/pvimg/man: Document command line option aliases in the manpages (RHEL-72022) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -652,13 +652,13 @@ index dae1cf1..6670704 100644 Use the content of FILE as a raw binary Linux kernel. The Linux kernel must be a raw binary s390x Linux kernel. The ELF format is not supported. -- -2.47.1 +2.48.1 From 840452df23ebe54db82e8d0cf94352bddb758ed4 Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Thu, 12 Dec 2024 20:19:56 +0100 -Subject: [PATCH 06/31] rust/pvimg: Add '--cck ' command line option and +Subject: [PATCH 06/32] rust/pvimg: Add '--cck ' command line option and make '--comm-key' an alias (RHEL-72022) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -842,13 +842,13 @@ index 475d352..cc754a1 100644 if plaintext_flags.is_set(PcfV1::NoComponentEncryption) { -- -2.47.1 +2.48.1 From 2a9d164010c0eaa6098083062ac0cdcb9be84b78 Mon Sep 17 00:00:00 2001 
From: Marc Hartmayer Date: Wed, 8 Jan 2025 12:33:05 +0100 -Subject: [PATCH 07/31] rust/pvimg: Document the change from '--comm-key' to +Subject: [PATCH 07/32] rust/pvimg: Document the change from '--comm-key' to '--cck' in the help message (RHEL-72022) This fixes problems when users search for '--comm-key' in the help @@ -879,13 +879,13 @@ index e622e1d..3e09a40 100644 pub cck: Option, -- -2.47.1 +2.48.1 From fa2dcf81a6c002192f351040ff68f8d60370e93c Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Fri, 6 Dec 2024 20:45:36 +0100 -Subject: [PATCH 08/31] rust/pvimg: Fix possible 'range start index out of +Subject: [PATCH 08/32] rust/pvimg: Fix possible 'range start index out of range for slice' error (RHEL-71821) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -942,13 +942,13 @@ index f7ae1bc..ac3a2e6 100644 + } +} -- -2.47.1 +2.48.1 From 979b4bad1653a7b897a43e8fe7ee393de77fc4e4 Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Tue, 17 Dec 2024 12:20:30 +0100 -Subject: [PATCH 09/31] pvimg: Add '--hdr-key' command line option to 'pvimg +Subject: [PATCH 09/32] pvimg: Add '--hdr-key' command line option to 'pvimg create' (RHEL-71821) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -1189,13 +1189,13 @@ index cc754a1..3e2ca65 100644 if plaintext_flags.is_set(PcfV1::NoComponentEncryption) { -- -2.47.1 +2.48.1 From 9155c5e49a8fff05d479ddc81d8d25e819278803 Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Wed, 18 Dec 2024 13:41:13 +0100 -Subject: [PATCH 10/31] rust/utils: mkdtemp: fix memory leak (RHEL-71821) +Subject: [PATCH 10/32] rust/utils: mkdtemp: fix memory leak (RHEL-71821) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -1245,13 +1245,13 @@ index 07acdba..883d558 100644 let path = std::path::PathBuf::from(path); -- -2.47.1 +2.48.1 From e412cecd6ad9be261b17cf9ad64b786c7da58e4f Mon Sep 17 00:00:00 2001 
From: Marc Hartmayer Date: Tue, 17 Dec 2024 11:58:01 +0100 -Subject: [PATCH 11/31] rust/pvimg: Add upper estimates for the Secure +Subject: [PATCH 11/32] rust/pvimg: Add upper estimates for the Secure Execution header (RHEL-71821) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -1584,13 +1584,13 @@ index b0ec355..c6ed956 100644 let iv = self.iv(); let tag = self.tag(); -- -2.47.1 +2.48.1 From 1617c8482e0846a3afb4af2772011e4621442f58 Mon Sep 17 00:00:00 2001 From: Marc Hartmayer Date: Tue, 17 Dec 2024 18:13:31 +0100 -Subject: [PATCH 12/31] pvimg: info: Rename '--key' into '--hdr-key' and use +Subject: [PATCH 12/32] pvimg: info: Rename '--key' into '--hdr-key' and use '--key' as an alias (RHEL-71821) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -1690,13 +1690,13 @@ index 1ced054..2f593cf 100644 SymKey::try_from_data(hdr.key_type(), read_file(key_path, "Reading key")?.into())?; serde_json::to_writer_pretty(&mut output, &hdr.decrypt(&key)?)?; -- -2.47.1 +2.48.1 From 78b388c1613724270ec34cef28b7be181f5e0db5 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Thu, 18 Jul 2024 10:55:45 +0200 -Subject: [PATCH 13/31] rust/pvsecret: Refactor writing secret (RHEL-46894) +Subject: [PATCH 13/32] rust/pvsecret: Refactor writing secret (RHEL-46894) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -1842,13 +1842,13 @@ index 808b29e..9251c38 100644 Ok(()) } -- -2.47.1 +2.48.1 From a5d58d0e6fd5d90ef12956ee7354a3f43d17f2ea Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Tue, 5 Mar 2024 10:46:29 +0100 -Subject: [PATCH 14/31] rust/pv: Support for writing data in PEM format +Subject: [PATCH 14/32] rust/pv: Support for writing data in PEM format (RHEL-46894) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -2315,13 +2315,13 @@ index 0000000..e646251 + } +} -- -2.47.1 +2.48.1 From 0f2055ca030a868e43e6076cba5cc9cc1277241c Mon Sep 17 00:00:00 2001 
From: Steffen Eiden Date: Tue, 20 Feb 2024 14:50:47 +0100 -Subject: [PATCH 15/31] rust/pv_core: Update ffi.rs to linux/uvdevice.h v6.13 +Subject: [PATCH 15/32] rust/pv_core: Update ffi.rs to linux/uvdevice.h v6.13 (RHEL-46894) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -2378,13 +2378,13 @@ index bbcc586..3d9998d 100644 /// Uvdevice IOCTL control block /// Programs can use this struct to communicate with the uvdevice via IOCTLs -- -2.47.1 +2.48.1 From ad6a20789e0b02bdfe1d7a685b897639fc298c2f Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Tue, 5 Mar 2024 11:56:57 +0100 -Subject: [PATCH 16/31] rust/pv_core: Retrieve Secret UVC (RHEL-46894) +Subject: [PATCH 16/32] rust/pv_core: Retrieve Secret UVC (RHEL-46894) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -2587,13 +2587,13 @@ index d20928b..0a8af50 100644 impl Display for SecretEntry { -- -2.47.1 +2.48.1 From cf2fe8bed95ca8b6513d02a85b83504a68a2584b Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Tue, 5 Mar 2024 12:16:44 +0100 -Subject: [PATCH 17/31] rust/pv_core: Support for listing Retrievable Secrets +Subject: [PATCH 17/32] rust/pv_core: Support for listing Retrievable Secrets (RHEL-46894) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -3303,13 +3303,13 @@ index 0a8af50..4e95501 100644 + } } -- -2.47.1 +2.48.1 From 67480b7219b711226352257bd2690448d9521c06 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Tue, 5 Mar 2024 12:19:22 +0100 -Subject: [PATCH 18/31] rust/pv: Retrievable secrets support (RHEL-46894) +Subject: [PATCH 18/32] rust/pv: Retrievable secrets support (RHEL-46894) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -4185,13 +4185,13 @@ index 0000000..5fad016 + } +} -- -2.47.1 +2.48.1 From ce872d9b3104209d2a8bee32fcc1b1f2f2e0e2ad Mon Sep 17 00:00:00 2001 
From: Steffen Eiden Date: Fri, 13 Dec 2024 15:04:02 +0100 -Subject: [PATCH 19/31] rust/pvsecret: Improve CLI (RHEL-46894) +Subject: [PATCH 19/32] rust/pvsecret: Improve CLI (RHEL-46894) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -4285,13 +4285,13 @@ index 6deaaeb..c4b9f2b 100644 /// List all ultravisor secrets (s390x only). -- -2.47.1 +2.48.1 From 1c97c4569b0521896927547d0c9581d7808f3905 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Mon, 19 Feb 2024 15:15:16 +0100 -Subject: [PATCH 20/31] rust/pvsecret: Add support for retrievable secrets +Subject: [PATCH 20/32] rust/pvsecret: Add support for retrievable secrets (RHEL-46894) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -4714,13 +4714,13 @@ index 502a6ea..883a3ee 100644 match res { -- -2.47.1 +2.48.1 From bb6654ed02453ccd5bb87ca9938f06214351fe22 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Wed, 12 Jun 2024 16:23:31 +0200 -Subject: [PATCH 21/31] rust/pv_core: Refactor secret list (RHEL-46894) +Subject: [PATCH 21/32] rust/pv_core: Refactor secret list (RHEL-46894) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -5032,13 +5032,13 @@ index 4e95501..d7c268c 100644 ) } -- -2.47.1 +2.48.1 From 6f5bd4d347f81b077b838ec907bd53d061680392 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Wed, 12 Jun 2024 16:35:15 +0200 -Subject: [PATCH 22/31] rust/pv*: Support longer secret lists (RHEL-46894) +Subject: [PATCH 22/32] rust/pv*: Support longer secret lists (RHEL-46894) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -5148,13 +5148,13 @@ index 0bd9eca..56294ca 100644 } -- -2.47.1 +2.48.1 From 0036b024950309a2953a3375daaa3b046c360a9b Mon Sep 17 00:00:00 2001 
From: Steffen Eiden Date: Mon, 5 Aug 2024 09:34:47 +0200 -Subject: [PATCH 23/31] rust/pv*: Allow the use of non-hashes secret IDs +Subject: [PATCH 23/32] rust/pv*: Allow the use of non-hashes secret IDs (RHEL-46894) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -5541,13 +5541,13 @@ index 7f7704c..ad3e91c 100644 let retr_secret = -- -2.47.1 +2.48.1 From cd2f4deb6e180adf0f09afe808a05bab5e4526c3 Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Tue, 22 Oct 2024 17:53:17 +0200 -Subject: [PATCH 24/31] rust/pvsecret: Update manuals and README (RHEL-46894) +Subject: [PATCH 24/32] rust/pvsecret: Update manuals and README (RHEL-46894) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -6753,13 +6753,13 @@ index b2a1d0f..e8cb132 100644 -\fBpvsecret-create\fR(1) \fBpvsecret-add\fR(1) \fBpvsecret-lock\fR(1) \fBpvsecret-list\fR(1) \fBpvsecret-verify\fR(1) +\fBpvsecret-create\fR(1) \fBpvsecret-add\fR(1) \fBpvsecret-lock\fR(1) \fBpvsecret-list\fR(1) \fBpvsecret-verify\fR(1) \fBpvsecret-retrieve\fR(1) -- -2.47.1 +2.48.1 From 2f531935c1dab94336e6e197d9fdb9bcb54ff9ad Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Thu, 15 Feb 2024 09:08:43 +0100 -Subject: [PATCH 25/31] zkey: Add support for retrieving a list of ultravisor +Subject: [PATCH 25/32] zkey: Add support for retrieving a list of ultravisor secrets (RHEL-23870) Add functions to interface with the ultravisor device (/dev/uv) when @@ -7058,13 +7058,13 @@ index 0000000..2667e85 + +#endif -- -2.47.1 +2.48.1 From 99bd7f51d41763cc7135169a90f12f4a7df3d3f2 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Thu, 15 Feb 2024 11:22:04 +0100 -Subject: [PATCH 26/31] zkey: Add the 'pvsecrets list' command (RHEL-23870) +Subject: [PATCH 26/32] zkey: Add the 'pvsecrets list' command (RHEL-23870) The 'pvsecrets list' command lists the available protected virtualization secrets. By default, only those pvsecret types are listed, that can be used 
@@ -7886,13 +7886,13 @@ index 7c909ff..adc48d6 100644 keystore_free(g.keystore); if (g.kms_options != NULL) -- -2.47.1 +2.48.1 From 3b4fce7cdd079732235da5e01033497752963360 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Thu, 15 Feb 2024 16:56:04 +0100 -Subject: [PATCH 27/31] zkey: Add PVSECRETS-AES key type (RHEL-23870) +Subject: [PATCH 27/32] zkey: Add PVSECRETS-AES key type (RHEL-23870) Add the definitions and utility functions for the PVSECRETS-AES key type. A PVSECRETS-AES key token contains the secret id of a protected @@ -8231,13 +8231,13 @@ index 6acebfd..ad84403 100644 struct uvio_list_secret_entry { -- -2.47.1 +2.48.1 From 77a419bf5b575f09c7958bc5656cf1e0039be115 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Thu, 15 Feb 2024 15:14:04 +0100 -Subject: [PATCH 28/31] zkey: Add the 'pvsecrets import' command (RHEL-23870) +Subject: [PATCH 28/32] zkey: Add the 'pvsecrets import' command (RHEL-23870) The 'pvsecrets import' command imports a protected virtualization secret into the zkey key repository. Like other key import or key generation @@ -9020,13 +9020,13 @@ index adc48d6..6e9b32a 100644 * Opens the keystore. The keystore directory is either the * default directory or as specified in an environment variable -- -2.47.1 +2.48.1 From b20ebd7b65190b261aee21fcfcbd659d5951f9f4 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Mon, 19 Feb 2024 10:21:06 +0100 -Subject: [PATCH 29/31] zkey: Reject key generation and APQN association for +Subject: [PATCH 29/32] zkey: Reject key generation and APQN association for PVSECRET-AES keys (RHEL-23870) Keys of type PVSECRET-AES can not be generated using 'zkey generate'. @@ -9162,13 +9162,13 @@ index 6e9b32a..36bdbcc 100644 if (g.volumes != NULL) { warnx("Option '--volumes|-l' is not valid for " -- -2.47.1 +2.48.1 From 9a1bfa5a9977eef50956d588b736392aa2242578 Mon Sep 17 00:00:00 2001 
From: Ingo Franzki Date: Mon, 19 Feb 2024 11:26:41 +0100 -Subject: [PATCH 30/31] zkey: Reject re-enciphering of PVSECRET-AES keys +Subject: [PATCH 30/32] zkey: Reject re-enciphering of PVSECRET-AES keys (RHEL-23870) Keys of type PVSECRET-AES can not be reenciphered using 'zkey reencipher' @@ -9313,13 +9313,13 @@ index 36bdbcc..90b4610 100644 &is_old_mk, NULL, g.verbose); if (rc != 0) { -- -2.47.1 +2.48.1 From 48ab37947ccda570e98aa046f2c28c11fdd59bdf Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Mon, 19 Feb 2024 10:25:54 +0100 -Subject: [PATCH 31/31] zkey: Support validation of key of type PVSECRET-AES +Subject: [PATCH 31/32] zkey: Support validation of key of type PVSECRET-AES (RHEL-23870) Keys of type PVSECRET-AES can also be verified via the pkey IOCTL 
@@ -9726,5 +9726,42 @@ index 90b4610..39a527c 100644 out: -- -2.47.1 +2.48.1 + + +From 5f6ea5bf9a1f22e2fe07267618072eb5182c5558 Mon Sep 17 00:00:00 2001 +From: Jakob Naucke +Date: Wed, 15 Jan 2025 17:36:01 +0100 +Subject: [PATCH 32/32] rust/pvimg: Fix flag parsing for allowing dump + (RHEL-76913) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Parsing of pvimg flags did not pick up allowing dumping correctly. + +Fixes: f4cf4ae6ebb1 (rust: Add a new tool called 'pvimg') +Reviewed-by: Marc Hartmayer +Signed-off-by: Jakob Naucke +Signed-off-by: Jan Höppner +(cherry picked from commit caaf2b2116235d282c2561f0bf6f62b0033c78c4) +--- + rust/pvimg/src/cmd/create.rs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rust/pvimg/src/cmd/create.rs b/rust/pvimg/src/cmd/create.rs +index 3e2ca65..c9d3974 100644 +--- a/rust/pvimg/src/cmd/create.rs ++++ b/rust/pvimg/src/cmd/create.rs +@@ -55,7 +55,7 @@ fn parse_flags( + .and(Some(PcfV1::all_disabled([PcfV1::AllowDumping]))), + lf.enable_dump + .filter(|x| *x) +- .and(Some(PcfV1::all_disabled([PcfV1::AllowDumping]))), ++ .and(Some(PcfV1::all_enabled([PcfV1::AllowDumping]))), + lf.disable_pckmo + .filter(|x| *x) + .and(Some(PcfV1::all_disabled([ +-- +2.48.1 diff --git a/s390utils.spec b/s390utils.spec index 7e2b5f7..21806b7 100644 --- a/s390utils.spec +++ b/s390utils.spec @@ -14,7 +14,7 @@ Name: s390utils Summary: Utilities and daemons for IBM z Systems Version: 2.36.0 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 2 # MIT covers nearly all the files, except init files License: MIT AND LGPL-2.1-or-later @@ -1087,6 +1087,10 @@ User-space development files for the s390/s390x architecture. %changelog +* Thu Jan 30 2025 Dan Horák - 2:2.36.0-2 +- pvimg/genprotimg: Fix confidential dump support (RHEL-76913) +- Resolves: RHEL-76913 + * Fri Jan 10 2025 Dan Horák - 2:2.36.0-1 - rebased to 2.36.0 (RHEL-59086) - cpacfinfo: new tool to provide CPACF information (RHEL-23869)
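Review bot: No regression test accompanies the `lf.enable_dump` fix in `parse_flags` (nested patch 32/32): its diffstat shows a single changed line in `rust/pvimg/src/cmd/create.rs`, so nothing pins that each `enable_*` option maps to `PcfV1::all_enabled(...)` and each `disable_*` option to `PcfV1::all_disabled(...)`. The old line appears to have failed closed, since asking for dumping still produced a header with `AllowDumping` disabled. The same copy-paste slip on a `disable_*` arm would instead leave a capability switched on that the operator asked to turn off, so the neighbouring arms, which lie outside this hunk, deserve a one-time check. I would add a table-driven unit test that sets each flag option in turn and asserts the resulting `PcfV1` bit, plus a comment above the list such as `// enable_* -> all_enabled, disable_* -> all_disabled; keep each pair symmetric`. `parse_flags` begins and ends outside the hunk, so its signature and remaining arms are not visible here.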