Take a look at validated boot/IPL for z/OS on a z16. PTFs are just starting to come out.
Mark Jacobs Sent from ProtonMail, Swiss-based encrypted email. GPG Public Key - https://api.protonmail.ch/pks/lookup?op=get&search=markjac...@protonmail.com ------- Original Message ------- On Thursday, May 25th, 2023 at 7:34 PM, Andrew Rowley <and...@blackhillsoftware.com> wrote: > On 26/05/2023 4:28 am, Kurt J. Quackenbush wrote: > > > Glad to hear it works great and "management will love it." If you find > > value in this capability I encourage you to reach out to your other > > software providers and request they also start signing their packages. I > > know one in particular is already working on it, but not sure about the > > many others. > > What about non-SMP/E delivered software? > > What would be nice to see is a function where e.g. APF and linklist > libraries at least were required to be signed. I know there was a > discussion some time back on the difficulties with load modules due to > reblocking etc. > > However, we can also sign things on z/OS e.g. SMF data. So you could > have a local signing key usable for functions like the binder and > IEBCOPY, and under certain conditions e.g. > - all input is signed > - IEBCOPY etc. is APF authorized > the reblocked module is signed with the local key, maintaining a chain > of signatures that can be validated back to the original package. > > Other components (panels etc.) would be much easier to validate a > signature. So it would be nice to be able to look at everything and see > that it is either unchanged from a vendor, or something modified locally. > > -- > Andrew Rowley > Black Hill Software > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
