s390-tools/s390-tools-sles15sp2-04-zipl-fix-zipl.conf-man-page-example-for-secure-boot.patch

Subject: [PATCH] [BZ 184396] zipl: fix zipl.conf man page example for secure boot
From: Stefan Haberland <sth@linux.ibm.com>

Description:   zipl: fix secure boot config handling
Symptom:       The config file parsing for secure boot worked not as
               it was expected to be. For example a config section
               setting was not evaluated properly.
               It is not possible to specify command line option -S
               without other options.
               Additionally the man page showed an invalid example.
Problem:       The config file parsing was not implemented properly.
Solution:      The hierarchy of the secure boot settings in the config
               file is:
                    defaultboot > menu > section
               Allow that --secure or -S is specified on command line
               without the need to allow all options on the command
               line. Also ensure that the command line option
               overrules the config option and correctly ensure that
               secure boot is only set for SCSI devices.
               Fix man page example.
Reproduction:  Run zipl with a secure= setting in a configuration
               section or specify -S on command line.
Upstream-ID:   299fd2b7729f35c6fe3be18964f7e5e6a365f94d
Problem-ID:    184396

Upstream-Description:

              zipl: fix zipl.conf man page example for secure boot

              The secure= option is not supported in the defaultboot section when a
              menu is used. It should be placed in the menu section in this case.

              Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
              Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>


Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
---
 zipl/man/zipl.conf.5 |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/zipl/man/zipl.conf.5
+++ b/zipl/man/zipl.conf.5
@@ -82,8 +82,6 @@ below).
 .br
 defaultmenu = menu1
 .br
-secure = auto
-.br
 
 [linux]
 .br
@@ -117,6 +115,8 @@ prompt      = 1
 .br
 timeout     = 0
 .br
+secure      = auto
+.br
 .PP
 
 .B BootLoaderSpec configuration files
@@ -522,7 +522,7 @@ non-default memory location.
 .B secure
 =
 .IR auto / 1 / 0
-(configuration only)
+(configuration and menu)
 .IP
 .B Configuration section:
 .br
Accepting request 786614 from home:markkp:branches:Base:System - Added the following patches for bsc#1166850 zipl: fix secure boot config handling: * s390-tools-sles15sp2-01-zipl-Add-missing-options-to-help-output.patch * s390-tools-sles15sp2-02-zipl-allow-stand-alone-secure-option-on-command-l.patch * s390-tools-sles15sp2-03-zipl-correct-secure-boot-config-handling.patch * s390-tools-sles15sp2-04-zipl-fix-zipl.conf-man-page-example-for-secure-boot.patch - Modified the spec file so that the kernel used for the SCSI dump tool is named zfcpdump-image instead of zfcpdump_part.image. This is to match the new version of zipl that expects this new file name. (bsc#1166851) - Added the following patches to implement jsc#SLE-7471, Enhanced tooling for kvm guest images (bsc#1165549): * s390-tools-sles15sp2-01-zipl-fix-Wdiscarded-qualifiers.patch * s390-tools-sles15sp2-02-zipl-fix-Waddress-of-packed-member.patch * s390-tools-sles15sp2-03-zipl-remove-some-useless-__packed___-attributes.patch * s390-tools-sles15sp2-04-zipl-Fix-entry-point-for-stand-alone-kdump.patch * s390-tools-sles15sp2-05-zipl-Fix-dependency-generation-in-zipl-boot.patch * s390-tools-sles15sp2-06-zipl-Make-use-of-__packed-macro.patch * s390-tools-sles15sp2-07-zipl-define-__section-macro-and-make-use-of-it.patch * s390-tools-sles15sp2-08-zipl-Make-use-of-__noreturn-macro.patch * s390-tools-sles15sp2-09-zipl-Define-__noinline-macro-and-make-use-of-it.patch * s390-tools-sles15sp2-10-zipl-stage3-Mark-start_kernel-__noreturn.patch * s390-tools-sles15sp2-11-zipl-sclp-Remove-duplicate-macros.patch * s390-tools-sles15sp2-12-zipl-Make-address-size-mask-macros-UL.patch * s390-tools-sles15sp2-13-zipl-libc-Use-stdint.h-instead-of-self-defined-macro.patch * s390-tools-sles15sp2-14-zipl-Consolidate-IMAGE-macros.patch * s390-tools-sles15sp2-15-zipl-Consolidate-STAGE-2-3-macros.patch * s390-tools-sles15sp2-16-zipl-stfle-use-uint64_t-instead-of-u64.patch * s390-tools-sles15sp2-17-zipl-boot-fix-comment-in-stage3.lds.patch * s390-tools-sles15sp2-18-lib-zt_common-add-STATIC_ASSERT-macro.patch * s390-tools-sles15sp2-19-zipl-use-STATIC_ASSERT-macro-for-no-padding-verifica.patch * s390-tools-sles15sp2-20-Support-lib-zt_common.h-to-be-used-in-assembler-and-.patch * s390-tools-sles15sp2-21-zipl-move-IPL-related-definitions-into-separate-head.patch * s390-tools-sles15sp2-22-zipl-move-SIGP-related-functions-and-definitions-int.patch * s390-tools-sles15sp2-23-zipl-add-SIGP_SET_ARCHITECTURE-to-sigp.h-and-use-it.patch * s390-tools-sles15sp2-24-zipl-stage3-make-IPL_DEVICE-definition-consistent-wi.patch * s390-tools-sles15sp2-25-zipl-move-Linux-layout-definitions-into-separate-hea.patch * s390-tools-sles15sp2-26-zipl-tape0-use-constants-defined-in-linux_layout.h.patch * s390-tools-sles15sp2-27-zipl-use-STAGE3_ENTRY-for-STAGE3_LOAD_ADDRESS.patch * s390-tools-sles15sp2-28-zipl-move-loaders-layout-definitions-into-separate-h.patch * s390-tools-sles15sp2-29-zipl-s390.h-rename-inline-macro-into-__always_inline.patch * s390-tools-sles15sp2-30-zipl-move-__always_inline-barrier-__pa32-pa-to-zt_co.patch * s390-tools-sles15sp2-31-zipl-make-BLK_PWRT-unsigned-int.patch * s390-tools-sles15sp2-32-Consolidate-MIN-and-MAX-macros.patch * s390-tools-sles15sp2-33-zipl-remove-libc.h-include-in-s390.h.patch * s390-tools-sles15sp2-34-zipl-move-s390.h-to-include-boot-s390.h.patch * s390-tools-sles15sp2-35-zipl-libc-include-s390.h.patch * s390-tools-sles15sp2-36-include-boot-s390.h-move-panic-and-panic_notify-to-l.patch * s390-tools-sles15sp2-37-include-boot-s390.h-fixes-for-Werror-sign-conversion.patch * s390-tools-sles15sp2-38-zipl-refactor-all-EBCDIC-code-into-separate-files.patch * s390-tools-sles15sp2-39-zipl-sclp-add-macros-for-the-control-program-masks.patch * s390-tools-sles15sp2-40-zipl-sclp-add-sclp_print_ascii.patch * s390-tools-sles15sp2-41-zipl-libc-printf-print-on-linemode-and-ASCII-console.patch * s390-tools-sles15sp2-42-Consolidate-ALIGN-__ALIGN_MASK-ARRAY_SIZE-macros.patch * s390-tools-sles15sp2-43-genprotimg-boot-initial-bootloader-support.patch * s390-tools-sles15sp2-44-genprotimg-boot-use-C-pre-processor-for-linker-scrip.patch * s390-tools-sles15sp2-45-genprotimg-add-relocator-for-stage3b.patch * s390-tools-sles15sp2-46-README.md-remove-useless-empty-line.patch * s390-tools-sles15sp2-47-include-boot-s390.h-add-guard-for-struct-__vector128.patch * s390-tools-sles15sp2-48-genprotimg-introduce-new-tool-for-the-creation-of-PV.patch - Added a BuildRequires for glib2-devel to support the new feature. - Added a %dir entry for /usr/share/s390-tools/genprotimg OBS-URL: https://build.opensuse.org/request/show/786614 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=92 2020-03-19 23:52:46 +01:00			`Subject: [PATCH] [BZ 184396] zipl: fix zipl.conf man page example for secure boot`
			`From: Stefan Haberland <sth@linux.ibm.com>`

			`Description: zipl: fix secure boot config handling`
			`Symptom: The config file parsing for secure boot worked not as`
			`it was expected to be. For example a config section`
			`setting was not evaluated properly.`
			`It is not possible to specify command line option -S`
			`without other options.`
			`Additionally the man page showed an invalid example.`
			`Problem: The config file parsing was not implemented properly.`
			`Solution: The hierarchy of the secure boot settings in the config`
			`file is:`
			`defaultboot > menu > section`
			`Allow that --secure or -S is specified on command line`
			`without the need to allow all options on the command`
			`line. Also ensure that the command line option`
			`overrules the config option and correctly ensure that`
			`secure boot is only set for SCSI devices.`
			`Fix man page example.`
			`Reproduction: Run zipl with a secure= setting in a configuration`
			`section or specify -S on command line.`
			`Upstream-ID: 299fd2b7729f35c6fe3be18964f7e5e6a365f94d`
			`Problem-ID: 184396`

			`Upstream-Description:`

			`zipl: fix zipl.conf man page example for secure boot`

			`The secure= option is not supported in the defaultboot section when a`
			`menu is used. It should be placed in the menu section in this case.`

			`Signed-off-by: Stefan Haberland <sth@linux.ibm.com>`
			`Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>`


			`Signed-off-by: Stefan Haberland <sth@linux.ibm.com>`
			`---`
			`zipl/man/zipl.conf.5 \| 6 +++---`
			`1 file changed, 3 insertions(+), 3 deletions(-)`

			`--- a/zipl/man/zipl.conf.5`
			`+++ b/zipl/man/zipl.conf.5`
			`@@ -82,8 +82,6 @@ below).`
			`.br`
			`defaultmenu = menu1`
			`.br`
			`-secure = auto`
			`-.br`

			`[linux]`
			`.br`
			`@@ -117,6 +115,8 @@ prompt = 1`
			`.br`
			`timeout = 0`
			`.br`
			`+secure = auto`
			`+.br`
			`.PP`

			`.B BootLoaderSpec configuration files`
			`@@ -522,7 +522,7 @@ non-default memory location.`
			`.B secure`
			`=`
			`.IR auto / 1 / 0`
			`-(configuration only)`
			`+(configuration and menu)`
			`.IP`
			`.B Configuration section:`
			`.br`