Ubuntu
s390-tools package

  1. Bug #1860531
  2. Comment #5

Comment 5 for bug 1860531

Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2020-02-03 07:03 EDT-------
Retest by doing an "apt upgrade" which provided

root@t35lp36:~# apt list --installed s390-tools
Listing... Done
s390-tools/focal,now 2.12.0-0ubuntu1 s390x [installed]
root@t35lp36:~#

When trying to IPL with the HMC setting "Enable Secure Boot for Linux" selected, the system did not start. HMC messages are:

Preparing system.
Starting system.

System version 8.

Watchdog enabled.
Running 'ZBootLoader' version '1.0.0' level 'D41C.D41C_0013'.

ZBootLoader 2.0.0.

MLOLOA6269050E Secure IPL: Execute entry does not point to the beginning of a si
gned component on device HBA=0.0.1900, WWPN=500507630B01C320, LUN=40504047000000
00.

IPL failed.

With the setting "secure=1" in /etc/zipl.conf, the zipl command yields the following output:

root@t35lp36:/# zipl -V
Using config file '/etc/zipl.conf'
Run /lib/s390-tools/zipl_helper.device-mapper /boot
Target device information
Device..........................: fd:00 *)
Partition.......................: fd:01
Device name.....................: dm-0
Device driver name..............: device-mapper
Type............................: disk partition
Disk layout.....................: SCSI disk layout *)
Geometry - start................: 2048 *)
File system block size..........: 4096
Physical block size.............: 512 *)
Device size in physical blocks..: 37746688
*) Data provided by script.
Building bootmap in '/boot'
Building menu 'menu'
Adding #1: IPL section 'ubuntu' (default)
initial ramdisk...: /boot/initrd.img
kernel image......: /boot/vmlinuz
kernel parmline...: 'root=UUID=dc6b7633-49f0-4095-8c35-678cbc212ca5 crashkernel=196M'
component address:
heap area.......: 0x00002000-0x00005fff
stack area......: 0x0000f000-0x0000ffff
internal loader.: 0x0000a000-0x0000dfff
parameters......: 0x00009000-0x000091ff
kernel image....: 0x00010000-0x007d8fff
parmline........: 0x007da000-0x007da1ff
initial ramdisk.: 0x007e0000-0x01a883ff
Adding #2: IPL section 'old'
initial ramdisk...: /boot/initrd.img.old
kernel image......: /boot/vmlinuz.old
kernel parmline...: 'root=UUID=dc6b7633-49f0-4095-8c35-678cbc212ca5 crashkernel=196M'
component address:
heap area.......: 0x00002000-0x00005fff
stack area......: 0x0000f000-0x0000ffff
internal loader.: 0x0000a000-0x0000dfff
parameters......: 0x00009000-0x000091ff
kernel image....: 0x00010000-0x007d7fff
parmline........: 0x007d9000-0x007d91ff
initial ramdisk.: 0x007e0000-0x01a865ff
Preparing boot device: dm-0.
Detected SCSI PCBIOS disk layout.
Writing SCSI master boot record.
Syncing disks...
Done.
root@t35lp36:/#

In this output there is no line that reads "signature for ..." which leads to the assumption that the Ubuntu kernel is not (yet) signed.

root@t35lp36:~# uname -a
Linux t35lp36 5.4.0-12-generic #15-Ubuntu SMP Tue Jan 21 17:56:00 UTC 2020 s390x s390x s390x GNU/Linux
root@t35lp36:~#

I tried the former kernel 5.4.0-9-generic too but the result is just the same.

So the fix cannot be tested with the "as-is" distro kernels.