Tuesday, July 19, 2022

Persistent configuration of crypto passthrough

Are you using CryptoExpress cards with KVM on IBM zSystems or LinuxONE? Sebastian Mitterle has a very good overview on how to make crypto device passthrough persistent.

http://learningbytesting.mathume.com/2022/07/persistent-crypto-device-passthrough-on.html

Tuesday, April 26, 2022

Ubuntu 22.04 released

Canonical release a new LTS (Long Term Support) version of its Ubuntu server offering Ubuntu Server 22.04!
It ships

  • Linux kernel 5.15
  • QEMU v6.2
  • libvirt v8.0
See the release notes here, and the blog entry at Canonical with Z-specific highlights here.

Thursday, April 21, 2022

Howto: Verifying Secure Execution Host Key Documents

TL;DR

Using genprotimg to build an IBM Secure Execution for Linux image may fail after CA certificate reissue in April 2022.
If this happens you can work around it by using this script
to verify the validity of the host key document and run genprotimg with the --noverify option.

The certificates used to verify Host Key Documents for IBM Secure Execution for Linux are about to be renewed in April 2022. As a result, the genprotimg tool contained in your Linux distribution may report a verification failure and refuse to build a secure image. Patches for RHEL 8 as well as for SLES 15 and Ubuntu 20.04 are underway, so the issue can eventually be fixed by updating your Linux installation.
Until then, it is possible to work around as follows:
  1. Download the check_hostkeydoc script at https://github.com/ibm-s390-linux/s390-tools/blob/master/genprotimg/samples/check_hostkeydoc.
  2. Run
    check_hostkeydoc <your host key document> \
        ibm-z-host-key-signing.crt -c DigiCertCA.crt
     
  3. If the previous step succeeded, it's safe to
    run genprotimg --no-verify -k <your host key document> \
        -o <output file> -i <kernel file> -r <ramdisk file> \
        -p <parameter file>
More information about IBM Secure Execution for Linux can be found here.

Tuesday, April 5, 2022

IBM z16 announced!

Today, IBM announced the new IBM z16, with a planned availability date of May 31.

See here for the press release, and here for the offical homepag. For further details, including a list of supported Linux distributions, see Eberhard's blog here.

And for a more hands-on tour of the new box, check out this video.

Thursday, March 31, 2022

Documentation: Solution Assurance

The solution assurance team started to publish solution setups, recommendations, and step-by-step guidelines for a broad range of topics, for example:

  • High availability clustering
  • IBM Cloud Infrastructure Center
  • CPUMF
  • kdump
and more!

You can access the materials here, but don't forget to check back periodically: There is more to come!

Tuesday, March 29, 2022

Documentation: SAP Application Server on KVM

This new publication aims towards providing practical insights for running real-world workloads on KVM on IBM Z. From the abstract:

The SAP on IBM Z Performance team, in Poughkeepsie, NY, conducted a series of measurements to assess the performance cost of implementing a KVM environment to host SAP application servers. The tests used SAP (SBS 9.0) core banking workloads, with a Db2 database having 100 million banking accounts, which are comparable to some of the largest banks in the world. Tests were conducted that used both banking workload types, Account Settlement (batch) and Day Posting, which simulates online transactional processing (OLTP). They were executed on an IBM z15 with 16 and 32 Integrated Facility for Linux (IFL) processor configurations, that used various degrees of virtualization.

The document is available here.

Tuesday, November 23, 2021

New Community: Compass L

Do you know Compass L yet...? This community offers a great opportunity to interact with other users, developers and architects of Linux and KVM on IBM Z!

For further information, see the flyer below, or head over right away and join the community here.