debcrafters-packages team mailing list archive
-
debcrafters-packages team
-
Mailing list archive
-
Message #04984
[Bug 2118866] Re: [25.10 FEAT] [VS2502] KVM: CPI hardening for SEL guests (s390-tools)
** Changed in: ubuntu-z-systems
Status: In Progress => Fix Released
** Information type changed from Private to Public
--
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to s390-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2118866
Title:
[25.10 FEAT] [VS2502] KVM: CPI hardening for SEL guests (s390-tools)
Status in Ubuntu on IBM z Systems:
Fix Released
Status in s390-tools package in Ubuntu:
Fix Released
Status in s390-tools-signed package in Ubuntu:
Fix Released
Bug description:
Feature Description:
With KVM: Implement Control Program Identification , Control Program
Identification (CPI) data is passed also for Secure Execution guests.
Linux distributions automatically send CPI data through a systemd unit
calling the cpictl program from the s390-tools package.
It is about hardening the cpictl utility to not automatically send CPI
data if the Linux instance runs a Secure Execution guest (to avoid
information leaks). The owner of the guest has to opt-in to send CPI
data when running as Secure Execution guest.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/2118866/+subscriptions