Secure Boot / Secure IPL

The new IBM z15 / LinuxONE Emperor III introduced the possibility for an operating system to boot in a secure fashion. The chain of trust is verified from the hardware through the whole firmware up into the operating system. Right now this is only supported for SCSI IPL.
Linux is the first Z operating system exploiting this. As this is brand new and there is only little documentation available, I’ve decided to cover all three major distributions here in this post as they release the support.

Linux has two new sysfs entries showing the state of the system:

  • /sys/firmware/ipl/has_secure – shows if the hardware supports secure boot ( = 1 ) or not ( = 0 )
  • /sys/firmware/ipl/secure  – shows if the secure IPL was successful ( = 1 ) or not ( = 0 ) 

To write a secure boot record, the zipl tool has a new option --secure, but it is better to specify this in zipl.conf with secure=1. After you’ve added the signature to the boot record, you can go to the HMC and IPL / boot with the new option enabled:

[Screenshot: HMC load panel with "Enable Secure Boot for Linux"]

Caveat: you only see the “Enable Secure Boot for Linux” after you select “SCSI load”. 

After the load has been successful, you can verify with
# cat /sys/firmware/ipl/secure
1
that you are really running in secure mode. You may be required to keep this for auditing! 

If something went wrong because of a typo, bug, etc., you’ll see the message
MLOLOA6269050E Secure IPL: Execute entry does not point to the beginning of a signed component on device HBA=0.0.HHHH, WWPN=XXXXXXXXXXXXXXXX, LUN=YYYYYYYYYYYYYYYY.
IPL failed.
on the operating system console in the HMC.

If someone, e.g. a bad guy, tried to play with the kernel, it will be detected and the system will not IPL. Then you see the message:
MLOLOA6269051E Secure IPL: Signature verification failed for component on device HBA=0.0.HHHH, WWPN=XXXXXXXXXXXXXXXX, LUN=YYYYYYYYYYYYYYYY.
IPL failed.

Of course, inserting kernel modules that are not signed isn’t going to work either. In the following paragraphs I’ll cover the different operating systems.

RHEL 8.1 

There is a bug in the RHEL 8.1 GA kernel that renders /sys/firmware/ipl/has_secure useless. This will be fixed with the next kernel update.
To enable secure boot, install normally on SCSI. Then add the line
secure=1 in the [defaultboot] section of /etc/zipl.conf. 
Then call zipl -V and you should see an output like the following – look for the “signature for…..” messages. 

[root@t35lp76 ~]# zipl -V
Using config file '/etc/zipl.conf'
Using BLS config file '/boot/loader/entries/f648539b1cca444bb23b099a83e9804b-4.18.0-147.el8.s390x.conf'
Using BLS config file '/boot/loader/entries/f648539b1cca444bb23b099a83e9804b-0-rescue.conf'
Run /lib/s390-tools/zipl_helper.device-mapper /boot
Target device information
Device..........................: fd:00 *)
Partition.......................: fd:02
Device name.....................: dm-0
Device driver name..............: device-mapper
Type............................: disk partition
Disk layout.....................: SCSI disk layout *)
Geometry - start................: 2048 *)
File system block size..........: 4096
Physical block size.............: 512 *)
Device size in physical blocks..: 39843840
*) Data provided by script.
Building bootmap in '/boot'
Building menu 'zipl-automatic-menu'
Adding #1: IPL section 'Red Hat Enterprise Linux (4.18.0-147.el8.s390x) 8.1 (Ootpa)' (default)
initial ramdisk...: /boot/initramfs-4.18.0-147.el8.s390x.img
signature for.....: /lib/s390-tools/stage3.bin
kernel image......: /boot/vmlinuz-4.18.0-147.el8.s390x
signature for.....: /boot/vmlinuz-4.18.0-147.el8.s390x
kernel parmline...: 'root=UUID=55174956-624e-420a-8fcf-22cb571352d9 crashkernel=128M rd.zfcp=0.0.1900,0x500507630b01c320,0x4050409600000000 rd.zfcp=0.0.1940,0x500507630b09c320,0x4050409600000000 cio_ignore=all,!condev rd.znet=qeth,0.0.bd00,0.0.bd01,0.0.bd02,layer2=1,portno=0,portname=OSAPORT'
component address:
heap area.......: 0x00002000-0x00005fff
stack area......: 0x0000f000-0x0000ffff
internal loader.: 0x0000a000-0x0000dfff
parameters......: 0x00009000-0x000091ff
kernel image....: 0x00010000-0x004f1fff
parmline........: 0x004f3000-0x004f31ff
initial ramdisk.: 0x00500000-0x01b059ff
Adding #2: IPL section 'Red Hat Enterprise Linux (0-rescue-f648539b1cca444bb23b099a83e9804b) 8.1 (Ootpa)'
initial ramdisk...: /boot/initramfs-0-rescue-f648539b1cca444bb23b099a83e9804b.img
signature for.....: /lib/s390-tools/stage3.bin
kernel image......: /boot/vmlinuz-0-rescue-f648539b1cca444bb23b099a83e9804b
signature for.....: /boot/vmlinuz-0-rescue-f648539b1cca444bb23b099a83e9804b
kernel parmline...: 'root=UUID=55174956-624e-420a-8fcf-22cb571352d9 crashkernel=128M rd.zfcp=0.0.1900,0x500507630b01c320,0x4050409600000000 rd.zfcp=0.0.1940,0x500507630b09c320,0x4050409600000000 cio_ignore=all,!condev rd.znet=qeth,0.0.bd00,0.0.bd01,0.0.bd02,layer2=1,portno=0,portname=OSAPORT'
component address:
heap area.......: 0x00002000-0x00005fff
stack area......: 0x0000f000-0x0000ffff
internal loader.: 0x0000a000-0x0000dfff
parameters......: 0x00009000-0x000091ff
kernel image....: 0x00010000-0x004f1fff
parmline........: 0x004f3000-0x004f31ff
initial ramdisk.: 0x00500000-0x02637fff
Preparing boot device: dm-0.
Detected SCSI PCBIOS disk layout.
Writing SCSI master boot record.
Syncing disks...
Done.

After that you can IPL your RHEL 8.1 with secure boot enabled. 

Ubuntu 20.04

To enable secure boot, install normally on SCSI. Then add the line
secure=1 in the [ubuntu] section of /etc/zipl.conf. 
Then call zipl -V and you should see an output like the following – look for the “signature for…..” messages. 

root@t35lp76:~# zipl -V
Using config file '/etc/zipl.conf'
Target device information
Device..........................: 08:10
Partition.......................: 08:11
Device name.....................: sdb
Device driver name..............: sd
Type............................: disk partition
Disk layout.....................: SCSI disk layout
Geometry - start................: 2048
File system block size..........: 4096
Physical block size.............: 512
Device size in physical blocks..: 41940992
Building bootmap in '/boot'
Building menu 'menu'
Adding #1: IPL section 'ubuntu' (default)
initial ramdisk...: /boot/initrd.img
signature for.....: /lib/s390-tools/stage3.bin
kernel image......: /boot/vmlinuz
signature for.....: /boot/vmlinuz
kernel parmline...: 'root=UUID=81a160ef-e00e-4365-b865-8cb7edae4f5a crashkernel=196M'
component address:
heap area.......: 0x00002000-0x00005fff
stack area......: 0x0000f000-0x0000ffff
internal loader.: 0x0000a000-0x0000dfff
parameters......: 0x00009000-0x000091ff
kernel image....: 0x00010000-0x007c5fff
parmline........: 0x007c7000-0x007c71ff
initial ramdisk.: 0x007d0000-0x01b827ff
...
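
A check for the “signature for…..” lines that the RHEL and Ubuntu sections above say to look for, as an added example that is not part of the original post: it reads zipl -V output and reports every IPL section whose kernel image or stage3 loader has no signature line. The function names and the abridged sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag unsigned IPL sections.
# Reads `zipl -V` output on stdin; returns non-zero if a signature is missing.
unsigned_sections() {
    awk '
    function report() {
        if (name == "") return
        if (!(kernel in sigs)) { print name ": kernel image not signed"; bad = 1 }
        if (!stage3) { print name ": stage3 loader not signed"; bad = 1 }
    }
    /^Adding #[0-9]+: IPL section / {
        report()
        name = $0
        sub(/^Adding #[0-9]+: IPL section /, "", name)
        sub(/ \(default\)$/, "", name)
        kernel = ""; stage3 = 0; split("", sigs)
        next
    }
    /^[ \t]*kernel image\.+: / {
        val = $0; sub(/^[^:]*: /, "", val)
        # "component address" reuses this label for an address range; skip it
        if (val ~ /^\//) kernel = val
    }
    /^[ \t]*signature for\.+: / {
        val = $0; sub(/^[^:]*: /, "", val)
        if (val ~ /\/stage3\.bin$/) stage3 = 1
        sigs[val] = 1
    }
    END { report(); exit bad + 0 }
    '
}

# Constructed, abridged sample: section 2 has no kernel signature.
sample_zipl_output() {
    cat <<'EOF'
Adding #1: IPL section 'linux' (default)
signature for.....: /lib/s390-tools/stage3.bin
kernel image......: /boot/vmlinuz
signature for.....: /boot/vmlinuz
component address:
kernel image....: 0x00010000-0x007c5fff
Adding #2: IPL section 'custom'
signature for.....: /lib/s390-tools/stage3.bin
kernel image......: /boot/vmlinuz.custom
EOF
}

sample_zipl_output | unsigned_sections || true
```

On a real system, pipe the output of the zipl -V run you make after editing /etc/zipl.conf into unsigned_sections.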

Update November 2023: ECKD Secure boot and extended documentation

IBM has consolidated the dispersed documentation on how to get this to run. You can now find a lot of details in this document. The key enhancements are:

  • public keys from the distribution partners can be inserted using the HMC
  • ECKD IPL is supported
  • Guests under z/VM are supported

(updated 11/30/2022)
