IBM Support

VM66650: SMAPI SUPPORT FOR GUEST SECURE IPL

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • Provide two new System Management API's to define and
    Query Guest Secure Image IPL Characteristics.
    
    A z/VM user can request that the machine loader validate the
    signed IPL code by using the security keys that were previously
    loaded by the customer into the HMC certificate store. The
    validation ensures that the IPL code is intact, unaltered, and
    originates from a trusted build-time source.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of System Management APIs needing  *
    *                 support for guest secure IPL.                *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION: APPLY PTF                                    *
    ****************************************************************
         Support is needed in SMAPI to allow guest secure IPL
    (load and dump) for both ECKD and SCSI devices.
    

Problem conclusion

Temporary fix

Comments

  • With the PTFs for APARs VM66424 (DirMaint), VM66434 (CP), and
    VM66650 (SMAPI), z/VM V7.3 supports guest secure IPL (load
    and dump) for both ECKD and SCSI devices.  A z/VM guest can
    request that the machine loader validate the signed IPL code by
    using the security keys that were previously loaded by the
    customer onto the HMC certificate store.  The validation
    ensures that the IPL code is intact, unaltered, and originates
    from a trusted build-time source.  Support is provided for
    the following guest operating systems:
    - Linux is fully supported.  If the IPL code does not validate,
      the IPL stops.
    - z/OS is supported in audit mode only.  Full exploitation
      requires Virtual Flash Memory support, which is not
      available to a guest.  In audit mode, the IPL code is
      checked but the IPL continues even if the code is not valid.
    
    The following new Systems Management API calls are added to
    define and query LOADDEV user directory statements:
    - Image_IPL_Characteristics_Define_DM
    - Image_IPL_Characteristics_Query_DM
    
    The following topics are updated :
    - "Image_IPL_Query_DM"
    - "Image_IPL_Set_DM"
    - "Image_SCSI_Characteristics_Define_DM"
    - "Image_SCSI_Characteristics_Query_DM"
    - "List-Directed IPL APIs"
    
    The following z/VM 7.3 publication is updated to reflect these
    changes:
    SC24-6327-73: System Management Application Programming
    This publication is available at the z/VM web site
    https://www.ibm.com/docs/en/zvm/7.3
    
    Additional Keywords: D/T3931 D/T3932
    

APAR Information

  • APAR number

    VM66650

  • Reported component name

    VM CMS

  • Reported component ID

    568411201

  • Reported release

    730

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / New Function / Xsystem

  • Submitted date

    2022-10-27

  • Closed date

    2023-06-28

  • Last modified date

    2024-04-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UM90300

Modules/Macros

  • DMSBL493 DMSSIDAT DMSSIPRM DMSSJBST DMSSJGRV DMSSJIPL DMSSJIPQ
    DMSSSRCX DVHCSLDQ DVHCSLDS IMIPLCDD IMIPLCQD IMIPLQRY IMIPLSET
    SMAPI    VSMWORK1
    

Publications Referenced
SC24632773GC24628673   

Fix information

  • Fixed component name

    VM CMS

  • Fixed component ID

    568411201

Applicable component levels

  • R730 PSY UM90300

       UP23/07/03 P 2401  

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"},"Product":{"code":"SG27M"},"Platform":[{"code":"PF054","label":"z Systems"}],"Version":"730"}]

Document Information

Modified date:
04 April 2024