Ubuntu 22.04 released

Canonical release a new LTS (Long Term Support) version of its Ubuntu server offering Ubuntu Server 22.04!
It ships

• Linux kernel 5.15
• QEMU v6.2
• libvirt v8.0

See the release notes here, and the blog entry at Canonical with Z-specific highlights here.

Howto: Verifying Secure Execution Host Key Documents

TL;DR

Using genprotimg to build an IBM Secure Execution for Linux image may fail after CA certificate reissue in April 2022.

If this happens you can work around it by using this script

to verify the validity of the host key document and run genprotimg with the --noverify option.

The certificates used to verify Host Key Documents for IBM Secure Execution for Linux are about to be renewed in April 2022. As a result, the genprotimg tool contained in your Linux distribution may report a verification failure and refuse to build a secure image. Patches for RHEL 8 as well as for SLES 15 and Ubuntu 20.04 are underway, so the issue can eventually be fixed by updating your Linux installation.

Until then, it is possible to work around as follows:

1. Download the check_hostkeydoc script at https://github.com/ibm-s390-linux/s390-tools/blob/master/genprotimg/samples/check_hostkeydoc.
2. Run
   check_hostkeydoc <your host key document> \
       ibm-z-host-key-signing.crt -c DigiCertCA.crt 
3. If the previous step succeeded, it's safe to
   run genprotimg --no-verify -k <your host key document> \
       -o <output file> -i <kernel file> -r <ramdisk file> \
       -p <parameter file>

More information about IBM Secure Execution for Linux can be found here.

IBM z16 announced!

Today, IBM announced the new IBM z16, with a planned availability date of May 31.

See here for the press release, and here for the offical homepag. For further details, including a list of supported Linux distributions, see Eberhard's blog here.

And for a more hands-on tour of the new box, check out this video.