[22.04 FEAT] zcrypt DD: Exploitation Support of new IBM Z Crypto Hardware (s390-tools part)

------- Comment From <email address hidden> 2022-01-30 22:55 EDT-------
This also has a kernel part:
Canonical LP#1959547 - IBM BZ#196080[22.04 FEAT] zcrypt DD: Exploitation Support of new IBM Z Crypto Hardware - kernel part

Since I strongly assume that this s390-tools feature will be part of the upcoming version >2.19, that is planned to be the target for jammy, I'll mark this as duplicate of LP#1959420.

Does not seem to be included in v2.20.0, hence separating this again.

------- Comment From <email address hidden> 2022-05-16 09:22 EDT-------
These commits are needed on top of s390-tools v2.20:

46fd42af lszcrypt: new option to show the serial numbers of CCA and EP11 cards
a8b0d7ac lszcrypt: new options to filter cards/queues only
a29b3c89 lszcrypt: new options to show only accel, cca or ep11 cards/queues
27dce331 lszcrypt: add support for checkstop state
4382901d lszcrypt: show AP bus msg size limit capability
bcbb6fca zcryptstats: add CEX8 support
b16a6d4f lszcrypt: add CEX8S support

A test build in PPA was done and is available here: https://launchpad.net/~fheimes/+archive/ubuntu/lp1959548

The fix for this bug has been uploaded to Kinetic and the SRU queue for Jammy.

This bug was fixed in the package s390-tools - 2.20.0-0ubuntu4

---------------
s390-tools (2.20.0-0ubuntu4) kinetic; urgency=medium

  * Fix chreipl-fcp-mpath (LP: #1971993)
    - Move chreipl-fcp-mpath* from /lib/udev/rules.d to /lib/udev.
    - d/control:
      + Build-Depend on bsdextrautils for hexdump
      + Add multiple explicit Depends on udev
      + s390-tools-chreipl-fcp-mpath: drop unnecessary Depends on lvm2
    - No longer change attributes of chreipl-fcp-mpath-common.sh to 755,
      since only the input script '.in' has a she-bang, but not the '.sh'
      anymore (was done with commit c2f8988).
    - Add d/p/0d15a07-chreipl-fcp-mpath-bundle-a-pre-cooked-man-page.patch
      to bundle a pre-cooked version of the man page for chreipl-fcp-mpath
      Required minor context adjustment for CHANGELOG.md hunk
      and changes in d/rules.
    - Add missing README.md to s390-tools-chreipl-fcp-mpath.doc
      (and with that also the README.md for genprotimg to s390-tools.docs).
  * Add new CPU-MF Counters for new IBM Z hardware (LP: #1960119) by:
    - d/p/2515832-util_arch-Add-IBM-z16-as-known-machine.patch and
    - d/p/cce5f51-cpumf-lscpumf-Add-IBM-z16-extended-counter-set-def.patch
  * Add exploitation support of new IBM Z crypto hardware (LP: #1959548) with:
    - d/p/b16a6d4f-lszcrypt-add-CEX8S-support.patch
    - d/p/bcbb6fca-zcryptstats-add-CEX8-support.patch
    - d/p/4382901d-lszcrypt-show-AP-bus-msg-size-limit-capability.patch
    - d/p/27dce331-lszcrypt-add-support-for-checkstop-state.patch
    - d/p/a29b3c89-lszcrypt-new-options-to-show-only-accel-cca-or-ep11-.patch
    - d/p/a8b0d7ac-lszcrypt-new-options-to-filter-cards-queues-only.patch
    - d/p/46fd42af-lszcrypt-new-option-to-show-the-serial-numbers-of-CC.patch
  * Stabilization of data collection in dbginfo.sh script (LP: #1971959)
    by adding several upstream patches:
    - d/p/*-dbginfo.sh-*.patch
    - whereas one needed minor context adjutment for the CHANGELOG.md hunk:
      d/p/50a4740-dbginfo.sh-replace-which-by-builtin-command-type-for.patch
  * Fix cmsfs-fuse mount failure due to unknown option '-o hard_remove'
    (LP: #1978323) with:
    d/p/0981df6-cmsfs-fuse-fix-enabling-of-hard_remove-option.patch

 -- Frank Heimes <email address hidden> Fri, 20 May 2022 13:48:34 +0200

Hello bugproxy, or anyone else affected,

Accepted s390-tools into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/s390-tools/2.20.0-0ubuntu3.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

------- Comment From <email address hidden> 2022-07-04 06:13 EDT-------
Verified. I downloaded the dep package from the link above and force-installed it and verified my extensions to the s390-tools package.

Many thx Harald for the verification.
(I'm adjusting the tags accordingly...)

This bug was fixed in the package s390-tools - 2.20.0-0ubuntu3.1

---------------
s390-tools (2.20.0-0ubuntu3.1) jammy; urgency=medium

  * Fix chreipl-fcp-mpath (LP: #1971993)
    - Move chreipl-fcp-mpath* from /lib/udev/rules.d to /lib/udev.
    - d/control:
      + Build-Depend on bsdextrautils for hexdump
      + Add multiple explicit Depends on udev
      + s390-tools-chreipl-fcp-mpath: drop unnecessary Depends on lvm2
    - No longer change attributes of chreipl-fcp-mpath-common.sh to 755,
      since only the input script '.in' has a she-bang, but not the '.sh'
      anymore (was done with commit c2f8988).
    - Add d/p/0d15a07-chreipl-fcp-mpath-bundle-a-pre-cooked-man-page.patch
      to bundle a pre-cooked version of the man page for chreipl-fcp-mpath
      Required minor context adjustment for CHANGELOG.md hunk
      and changes in d/rules.
    - Add missing README.md to s390-tools-chreipl-fcp-mpath.doc
      (and with that also the README.md for genprotimg to s390-tools.docs).
  * Add new CPU-MF Counters for new IBM Z hardware (LP: #1960119) by:
    - d/p/2515832-util_arch-Add-IBM-z16-as-known-machine.patch and
    - d/p/cce5f51-cpumf-lscpumf-Add-IBM-z16-extended-counter-set-def.patch
  * Add exploitation support of new IBM Z crypto hardware (LP: #1959548) with:
    - d/p/b16a6d4f-lszcrypt-add-CEX8S-support.patch
    - d/p/bcbb6fca-zcryptstats-add-CEX8-support.patch
    - d/p/4382901d-lszcrypt-show-AP-bus-msg-size-limit-capability.patch
    - d/p/27dce331-lszcrypt-add-support-for-checkstop-state.patch
    - d/p/a29b3c89-lszcrypt-new-options-to-show-only-accel-cca-or-ep11-.patch
    - d/p/a8b0d7ac-lszcrypt-new-options-to-filter-cards-queues-only.patch
    - d/p/46fd42af-lszcrypt-new-option-to-show-the-serial-numbers-of-CC.patch
  * Stabilization of data collection in dbginfo.sh script (LP: #1971959)
    by adding several upstream patches:
    - d/p/*-dbginfo.sh-*.patch
    - whereas one needed minor context adjutment for the CHANGELOG.md hunk:
      d/p/50a4740-dbginfo.sh-replace-which-by-builtin-command-type-for.patch
  * Fix cmsfs-fuse mount failure due to unknown option '-o hard_remove'
    (LP: #1978323) with:
    d/p/0981df6-cmsfs-fuse-fix-enabling-of-hard_remove-option.patch

 -- Frank Heimes <email address hidden> Fri, 20 May 2022 13:48:34 +0200

The verification of the Stable Release Update for s390-tools has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

------- Comment From <email address hidden> 2022-07-06 20:56 EDT-------
Fix was verified and released to -updates, therefore we can close the bug.
Thanks everybody for your work.
Changing status to: CLOSED