diff --git a/bundles.tar.xz b/bundles.tar.xz
index 6d5e61a..48e25c9 100644
--- a/bundles.tar.xz
+++ b/bundles.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:596a134fe14bb9bca1c177f682098f030ae5741767b562413a0212570aa863e1
-size 95812
+oid sha256:5d6076daf7ce76bafd1fc236b472bb3fbb516e8a2e68440f670a031c2d254250
+size 105540
diff --git a/pc-bios-s390x-Save-iplb-location-in-lowc.patch b/pc-bios-s390x-Save-iplb-location-in-lowc.patch
new file mode 100644
index 0000000..32a6d22
--- /dev/null
+++ b/pc-bios-s390x-Save-iplb-location-in-lowc.patch
@@ -0,0 +1,131 @@
+From: Janosch Frank <frankja@linux.ibm.com>
+Date: Wed, 4 Mar 2020 06:42:31 -0500
+Subject: pc-bios: s390x: Save iplb location in lowcore
+
+References: bsc#1163140
+
+The POP states that for a list directed IPL the IPLB is stored into
+memory by the machine loader and its address is stored at offset 0x14
+of the lowcore.
+
+ZIPL currently uses the address in offset 0x14 to access the IPLB and
+acquire flags about secure boot. If the IPLB address points into
+memory which has an unsupported mix of flags set, ZIPL will panic
+instead of booting the OS.
+
+As the lowcore can have quite a high entropy for a guest that did drop
+out of protected mode (i.e. rebooted) we encountered the ZIPL panic
+quite often.
+
+Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
+Tested-by: Marc Hartmayer <mhartmay@linux.ibm.com>
+Message-Id: <20200304114231.23493-19-frankja@linux.ibm.com>
+Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Liang Yan <lyan@suse.com>
+---
+ pc-bios/s390-ccw/jump2ipl.c  |  1 +
+ pc-bios/s390-ccw/main.c      |  8 +++++++-
+ pc-bios/s390-ccw/netmain.c   |  1 +
+ pc-bios/s390-ccw/s390-arch.h | 10 ++++++++--
+ pc-bios/s390-ccw/s390-ccw.h  |  1 +
+ 5 files changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/pc-bios/s390-ccw/jump2ipl.c b/pc-bios/s390-ccw/jump2ipl.c
+index 266f1502b9675d2a58cb7ae8adbb..1489e5043c85863df9e91951fbd1 100644
+--- a/pc-bios/s390-ccw/jump2ipl.c
++++ b/pc-bios/s390-ccw/jump2ipl.c
+@@ -35,6 +35,7 @@ void jump_to_IPL_code(uint64_t address)
+ {
+     /* store the subsystem information _after_ the bootmap was loaded */
+     write_subsystem_identification();
++    write_iplb_location();
+ 
+     /* prevent unknown IPL types in the guest */
+     if (iplb.pbt == S390_IPL_TYPE_QEMU_SCSI) {
+diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
+index a21b38628075b450477af9565fd6..4e65b411e1d890ba7f8536d7b99f 100644
+--- a/pc-bios/s390-ccw/main.c
++++ b/pc-bios/s390-ccw/main.c
+@@ -9,6 +9,7 @@
+  */
+ 
+ #include "libc.h"
++#include "helper.h"
+ #include "s390-arch.h"
+ #include "s390-ccw.h"
+ #include "cio.h"
+@@ -22,7 +23,7 @@ QemuIplParameters qipl;
+ IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE)));
+ static bool have_iplb;
+ static uint16_t cutype;
+-LowCore const *lowcore; /* Yes, this *is* a pointer to address 0 */
++LowCore *lowcore; /* Yes, this *is* a pointer to address 0 */
+ 
+ #define LOADPARM_PROMPT "PROMPT  "
+ #define LOADPARM_EMPTY  "        "
+@@ -42,6 +43,11 @@ void write_subsystem_identification(void)
+     *zeroes = 0;
+ }
+ 
++void write_iplb_location(void)
++{
++    lowcore->ptr_iplb = ptr2u32(&iplb);
++}
++
+ void panic(const char *string)
+ {
+     sclp_print(string);
+diff --git a/pc-bios/s390-ccw/netmain.c b/pc-bios/s390-ccw/netmain.c
+index f2dcc01e27257696d110b12164c9..309ffa30d992207770d51ffc7d9a 100644
+--- a/pc-bios/s390-ccw/netmain.c
++++ b/pc-bios/s390-ccw/netmain.c
+@@ -40,6 +40,7 @@
+ #define DEFAULT_TFTP_RETRIES 20
+ 
+ extern char _start[];
++void write_iplb_location(void) {}
+ 
+ #define KERNEL_ADDR             ((void *)0L)
+ #define KERNEL_MAX_SIZE         ((long)_start)
+diff --git a/pc-bios/s390-ccw/s390-arch.h b/pc-bios/s390-ccw/s390-arch.h
+index 504fc7c2f09878cb6b37e307bb20..5f36361c0223d43439a249e84040 100644
+--- a/pc-bios/s390-ccw/s390-arch.h
++++ b/pc-bios/s390-ccw/s390-arch.h
+@@ -36,7 +36,13 @@ typedef struct LowCore {
+     /* prefix area: defined by architecture */
+     PSWLegacy       ipl_psw;                  /* 0x000 */
+     uint32_t        ccw1[2];                  /* 0x008 */
+-    uint32_t        ccw2[2];                  /* 0x010 */
++    union {
++        uint32_t        ccw2[2];                  /* 0x010 */
++        struct {
++            uint32_t reserved10;
++            uint32_t ptr_iplb;
++        };
++    };
+     uint8_t         pad1[0x80 - 0x18];        /* 0x018 */
+     uint32_t        ext_params;               /* 0x080 */
+     uint16_t        cpu_addr;                 /* 0x084 */
+@@ -85,7 +91,7 @@ typedef struct LowCore {
+     PSW             io_new_psw;               /* 0x1f0 */
+ } __attribute__((packed, aligned(8192))) LowCore;
+ 
+-extern LowCore const *lowcore;
++extern LowCore *lowcore;
+ 
+ static inline void set_prefix(uint32_t address)
+ {
+diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
+index 11bce7d73c85581e561d5802059b..21f27e79906ea297c4480eeaee2e 100644
+--- a/pc-bios/s390-ccw/s390-ccw.h
++++ b/pc-bios/s390-ccw/s390-ccw.h
+@@ -57,6 +57,7 @@ void consume_io_int(void);
+ /* main.c */
+ void panic(const char *string);
+ void write_subsystem_identification(void);
++void write_iplb_location(void);
+ extern char stack[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE)));
+ unsigned int get_loadparm_index(void);
+ 
diff --git a/qemu.changes b/qemu.changes
index a972e9f..9872242 100644
--- a/qemu.changes
+++ b/qemu.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Mar 20 15:28:35 UTC 2020 - Liang Yan <lyan@suse.com>
+
+- Fix the issue that s390x could not read IPL channel program when using
+  dasd as boot device (bsc#1163140)
+  pc-bios-s390x-Save-iplb-location-in-lowc.patch
+
 -------------------------------------------------------------------
 Mon Mar 16 19:58:35 UTC 2020 - Bruce Rogers <brogers@suse.com>
 
diff --git a/qemu.spec b/qemu.spec
index 9481aaf..e54f6b4 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -244,6 +244,7 @@ Patch00113:     tests-Disable-some-block-tests-for-now.patch
 Patch00114:     test-add-mapping-from-arch-of-i686-to-qe.patch
 Patch00115:     roms-Makefile-enable-cross-compile-for-b.patch
 Patch00116:     hw-i386-disable-smbus-migration-for-xenf.patch
+Patch00117:     pc-bios-s390x-Save-iplb-location-in-lowc.patch
 # Patches applied in roms/seabios/:
 Patch01000:     seabios-use-python2-explicitly-as-needed.patch
 Patch01001:     seabios-switch-to-python3-as-needed.patch
@@ -1076,6 +1077,7 @@ This package provides a service file for starting and stopping KSM.
 %patch00114 -p1
 %patch00115 -p1
 %patch00116 -p1
+%patch00117 -p1
 %patch01000 -p1
 %patch01001 -p1
 %patch01002 -p1