[23.10 FEAT] [SEC2352] pkey: support EP11 API ordinal 6 for secure guests

Any details already about a potential target kernel this is going to land in? (or the commit(s)?)

------- Comment From <email address hidden> 2023-08-16 04:34 EDT-------
This lineitem still needs some development. It will comprise hopefully only one small patch with about 10 lines of code, so nothing dramatically. As soon as the patch is public available I'll update this bugzilla with the commit id.

Thanks for the heads-up!.
(Just to let you know that having it in linux-next would be fine; but it could also be interesting to see it in a staging area...)

------- Comment From <email address hidden> 2023-08-21 02:47 EDT-------
Ok, now the patch went upstream. It is available in the s390 features branch and will go into the next kernel merge window:

386cb81e4ba7 s390/zcrypt_ep11misc: support API ordinal 6 with empty pin-blob

Kernel test build(s) available in this PPA:
https://launchpad.net/~fheimes/+archive/ubuntu/lp2028937+lp2029390

Pull request submitted to kernel team's mailing list:
https://lists.ubuntu.com/archives/kernel-team/2023-September/thread.html#142534

Changing status to 'In Progress'.

Assigning to kernel team.

@kernel-team Please notice that the PR for LP: 2028937 needs to be applied first (to mantic's 6.5) to get this cherry-pick in (without conflicts)!
(I've mentioned that also in the cover-letter.)

Updated to 'Fix Committed' since code is in mantic-proposed.

This bug was fixed in the package linux - 6.5.0-7.7

---------------
linux (6.5.0-7.7) mantic; urgency=medium

  * mantic/linux: 6.5.0-7.7 -proposed tracker (LP: #2037611)

  * kexec enable to load/kdump zstd compressed zimg (LP: #2037398)
    - [Packaging] Revert arm64 image format to Image.gz

  * Mantic minimized/minimal cloud images do not receive IP address during
    provisioning (LP: #2036968)
    - [Config] Enable virtio-net as built-in to avoid race

  * Miscellaneous Ubuntu changes
    - SAUCE: Add mdev_set_iommu_device() kABI
    - [Config] update gcc version in annotations

 -- Andrea Righi <email address hidden> Thu, 28 Sep 2023 10:19:24 +0200

This bug is awaiting verification that the linux-azure-6.5/6.5.0-1007.7~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-azure-6.5' to 'verification-done-jammy-linux-azure-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-azure-6.5' to 'verification-failed-jammy-linux-azure-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

not needed, update tags to unblock

This bug is awaiting verification that the linux-aws-6.5/6.5.0-1008.8~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-aws-6.5' to 'verification-done-jammy-linux-aws-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-aws-6.5' to 'verification-failed-jammy-linux-aws-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

does not affect aws, updating tags just to unblock