debcrafters-packages team mailing list archive

Thread
Date

[Bug 2118866] Re: [25.10 FEAT] [VS2502] KVM: CPI hardening for SEL guests (s390-tools)

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Frank Heimes <2118866@xxxxxxxxxxxxxxxxxx>
Date: Tue, 05 Aug 2025 09:00:57 -0000
Reply-to: Bug 2118866 <2118866@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

** Changed in: ubuntu-z-systems
       Status: In Progress => Fix Released

** Information type changed from Private to Public

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to s390-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2118866

Title:
  [25.10 FEAT] [VS2502] KVM: CPI hardening for SEL guests (s390-tools)

Status in Ubuntu on IBM z Systems:
  Fix Released
Status in s390-tools package in Ubuntu:
  Fix Released
Status in s390-tools-signed package in Ubuntu:
  Fix Released

Bug description:
  Feature Description:

  With KVM: Implement Control Program Identification , Control Program
  Identification (CPI) data is passed also for Secure Execution guests.
  Linux distributions automatically send CPI data through a systemd unit
  calling the cpictl program from the s390-tools package.

  It is about hardening the cpictl utility to not automatically send CPI
  data if the Linux instance runs a Secure Execution guest (to avoid
  information leaks). The owner of the guest has to opt-in to send CPI
  data when running as Secure Execution guest.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/2118866/+subscriptions