-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Select APQNs for a new secure key #1033
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joseivanlopez
force-pushed
the
select_apqns
branch
from
January 27, 2020 16:29
d8f4f24
to
57c9501
Compare
joseivanlopez
force-pushed
the
select_apqns
branch
2 times, most recently
from
February 27, 2020 13:44
32877f7
to
e158a13
Compare
joseivanlopez
force-pushed
the
select_apqns
branch
from
February 28, 2020 17:04
cb1789c
to
e44dd7a
Compare
imobachgs
reviewed
Feb 29, 2020
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In general, it looks good. Just a few comments and most of them can be ignored :)
joseivanlopez
force-pushed
the
select_apqns
branch
from
March 2, 2020 16:18
6de67f7
to
d148370
Compare
imobachgs
approved these changes
Mar 2, 2020
✔️ Internal Jenkins job #95 successfully finished |
✔️ Public Jenkins job #271 successfully finished |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
When a device is going to be encrypted with pervasive encryption (s390), a new secure key is generated for the device (if there is none yet). By default, this new secure key will be generated for all adapters/domains available in the system. But this could fail when the adapters/domains are set with different master keys. In that case, only adapters using the same master key should be taken into account for generating the new secure key.
https://jira.suse.com/browse/IBM-495?focusedCommentId=974832&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-974832
https://trello.com/c/KwTmeWhi/1587-5-sle-7376-pervasive-encryption-second-round-specifying-the-apqns
Solution
Now, the dialog for pervasive encryption allows to select APQNs when a new secure key is going to be generated. An error is shown when the secure key cannot be generated with the selected APQNs.
Theoretically, zkey generate command should fail when the APQNs used to generate the secure key are configured with different master keys. But, according to my tests, the command does not fail in that case. It only fails when none of the given APQNs are configured with a master key.
Testing
Screenshots
Show/Hide