Posts

New How-To published: Pervasive Encryption for Data Volumes

Start to pervasively encrypt data with Linux!

The  Pervasive Encryption for Data Volumes introduces an infrastructure
for encrypting volumes using protected and secure keys. This infrastructure provides end-to-end protection for data at rest for Linux on IBM Z and LinuxONE.

Read in the IBM Knowledge Center or download the PDF.

Webinar: What if even your Linux admin may not know your secrets?

Register and join the webinar on October, 17th a 11:00 AM EDT.

Hardware security modules (HSMs) are tamper proof devices that meant to secure the most valuable secrets of an enterprise. They typically contain a master secret (master key) from which other secrets can be derived. This master secret cannot be extracted from the HSM.

The IBM Crypto Express Adapters can be configured in three different modes two of which (CCA and EP11) are HSM modes. Using Crypto Express in either CCA or EP11 modes allows you to perform secure key cryptographic operations without ever exposing plain text key material in the system memory.

We show you how to set up Linux on Z to use either CCA or EP11 secure key cryptography, describe the components involved in a secure key solution to either manage the crypto adapter or to perform cryptographic operations.

Last but not least, we provide an outlook for using protected key cryptography in Linux.


Speaker: Dr. Reinhard Buendgen, Product Owner Security for Linux…

Linux kernel 4.18 released

Recently, Linux kernel 4.18 was released.

For Linux on Z, it provides the base set of functionality and features for remote Shared Memory Communications (SMC-R), including compatibility with z/OS. Beside SMC-R, support for IPv6 checksum offload was added to the qeth device driver. You can control offload settings with the ethtool utility.

You can obtain the Linux kernel 4.18 here or its latest stable release at kernel.org. The corresponding s390-tools version is 2.6.0.

See also the documentation on developerWorks, for example, the Device Drivers, Features, and Commands edition for Linux kernel 4.18.

How to use SMC?

You have heard about SMC but wonder how to set up shared memory communications? Read more on Stefan Raspl's article about SMC for Linux on IBM Z.

s390-tools 2.6.0 released

The s390-tools 2.6.0 version has been released today. You can obtain it on GitHub.

Besides some fixes, it introduces a new utility called zkey-cryptsetup.

So what can you do with it? zkey-cryptsetup helps you with updating your secure keys used for disk encryption.  Use it when a master key change for IBM Crypto Express adapters requires an update of your secure keys.

Sounds cryptic? Watch this space, I plan for an article about it.

SHARE St. Louis 2018

Image
The SHARE 2018 starts next week in St. Louis, Missouri. As usual, people from the German Linux on Z team will be around and talk about various topics. For program details, see the Linux and VM.

If you are also there, don't miss these sessions:

Discover technologies:
What's New in Linux on IBM Z? (Session #23233) - Overview of features in development by IBM and the open source community.SMC for Linux on IBM Z  (Session #23166) - Overview of Shared Memory Communication (SMC) technology for Linux on Z.Optimizing your Linux and z/OS Solutions with Shared Memory Communications (Session #22807) - What happens when you connect z/OS and Linux together using a highly optimized network interconnect?Docker and IBM Z (Session #22973) - Overview of Docker, its concepts, and its usage in light of Linux on IBM Z.KVM on IBM Z (Session #23164) - Latest news on KVM development work with the open source community. Tune performance:
Linux on IBM z14 - Performance Update (Session #23236) - Overview …

Welcome to the Linux on Z blog!

Get upstream news about open source projects that focus on Linux on Z and LinuxONE.

Stay tuned!