<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
Please review the following patches for <a
href="https://bugzilla.redhat.com/show_bug.cgi?id=744207"><b>Bug 744207</b></a>
-<span id="summary_alias_container"> <span
id="short_desc_nonedit_display">Key archival fails when KRA is
configured with lunasa:<br>
<br>
JSS:<br>
<a class="moz-txt-link-freetext"
href="https://bugzilla.redhat.com/attachment.cgi?id=581108&action=diff&context=patch&collapsed=&headers=1&format=raw">https://bugzilla.redhat.com/attachment.cgi?id=581108&action=diff&context=patch&collapsed=&headers=1&format=raw</a><br>
<br>
DRM/KRA:<br>
<a class="moz-txt-link-freetext"
href="https://bugzilla.redhat.com/attachment.cgi?id=581109&action=diff&context=patch&collapsed=&headers=1&format=raw">https://bugzilla.redhat.com/attachment.cgi?id=581109&action=diff&context=patch&collapsed=&headers=1&format=raw</a><br>
<br>
The JSS patch alone allows key archival (both RSA and ECC) to
work with lunasa token<br>
where the lunasa token has to be KE-capable. Work done
specifically on the following model:<br>
</span></span> Model: Luna SA v5 w/ PED auth and CKE <br>
Part No: 908-000093-001 <br>
<br>
The DRM/KRA patch are just some debugging to make recovery debugging
easier with an addition of non-static salt.<br>
The recovery is not working currently, failing with wrapping
operation during PBE creation:<br>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=817423"><b>Bug 817423</b></a>
-<span id="summary_alias_container"> <span
id="short_desc_nonedit_display">Key recovery fails when KRA is
configured with lunasa</span></span><br>
which will be fixed at a later time.<br>
<br>
To test these patches for key archival on the said model of lunasa,
one must turn on the prototype mode for recovery.<br>
<br>
thanks,<br>
Christina
</body>
</html>