A fix is available
APAR status
Closed as new function.
Error description
Provide two new System Management API's to define and Query Guest Secure Image IPL Characteristics. A z/VM user can request that the machine loader validate the signed IPL code by using the security keys that were previously loaded by the customer into the HMC certificate store. The validation ensures that the IPL code is intact, unaltered, and originates from a trusted build-time source.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of System Management APIs needing * * support for guest secure IPL. * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** Support is needed in SMAPI to allow guest secure IPL (load and dump) for both ECKD and SCSI devices.
Problem conclusion
Temporary fix
FOR RELEASE ES-CMS-730-BASE : PREREQ: VM66646 VM66626 CO-REQ: NONE IF-REQ: UM90281(VM66434-7VMCPR30) UV99435(VM66424-7VMDIR30)
Comments
With the PTFs for APARs VM66424 (DirMaint), VM66434 (CP), and VM66650 (SMAPI), z/VM V7.3 supports guest secure IPL (load and dump) for both ECKD and SCSI devices. A z/VM guest can request that the machine loader validate the signed IPL code by using the security keys that were previously loaded by the customer onto the HMC certificate store. The validation ensures that the IPL code is intact, unaltered, and originates from a trusted build-time source. Support is provided for the following guest operating systems: - Linux is fully supported. If the IPL code does not validate, the IPL stops. - z/OS is supported in audit mode only. Full exploitation requires Virtual Flash Memory support, which is not available to a guest. In audit mode, the IPL code is checked but the IPL continues even if the code is not valid. The following new Systems Management API calls are added to define and query LOADDEV user directory statements: - Image_IPL_Characteristics_Define_DM - Image_IPL_Characteristics_Query_DM The following topics are updated : - "Image_IPL_Query_DM" - "Image_IPL_Set_DM" - "Image_SCSI_Characteristics_Define_DM" - "Image_SCSI_Characteristics_Query_DM" - "List-Directed IPL APIs" The following z/VM 7.3 publication is updated to reflect these changes: SC24-6327-73: System Management Application Programming This publication is available at the z/VM web site https://www.ibm.com/docs/en/zvm/7.3 Additional Keywords: D/T3931 D/T3932
APAR Information
APAR number
VM66650
Reported component name
VM CMS
Reported component ID
568411201
Reported release
730
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2022-10-27
Closed date
2023-06-28
Last modified date
2024-04-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UM90300
Modules/Macros
DMSBL493 DMSSIDAT DMSSIPRM DMSSJBST DMSSJGRV DMSSJIPL DMSSJIPQ DMSSSRCX DVHCSLDQ DVHCSLDS IMIPLCDD IMIPLCQD IMIPLQRY IMIPLSET SMAPI VSMWORK1
SC24632773 | GC24628673 |
Fix information
Fixed component name
VM CMS
Fixed component ID
568411201
Applicable component levels
R730 PSY UM90300
UP23/07/03 P 2401
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"},"Product":{"code":"SG27M"},"Platform":[{"code":"PF054","label":"z Systems"}],"Version":"730"}]
Document Information
Modified date:
04 April 2024