Andreas PlachFeb 10

There are three new guides around Crypto and Linux on IBM Z.
You can find the publication here:
Set up openCryptoki : https://www.ibm.com/docs/en/solution-assurance?topic=security-set-up-apache-http-server-pkcs11-providers

Set up an Apache HTTP Server with PKCS#11 providers : https://www.ibm.com/docs/en/solution-assurance?topic=security-set-up-apache-http-server-pkcs11-providers

Set up an nginx web server with PKCS#11 providers : https://www.ibm.com/docs/en/solution-assurance?topic=security-set-up-nginx-web-server-pkcs11-providers

#ibm #linux #linuxonZ #ibmz #crypto #pkcs11

Set up an Apache HTTP Server with PKCS#11 providers

Learn how to configure an Apache HTTP Server to enable TLS with protected private keys, including soft and ICA tokens, hardware‑protected CCA and EP11 tokens, and keys accessed through PKCS#11 URIs.

Andreas PlachJan 21

An update to the publication:
"Pervasive Encryption for Data Volumes"
is now available on
https://www.ibm.com/docs/en/linuxonibm/lxdc/lxdc_linuxonz.html

The main enhancements are the support for retrievable secrets on IBM Secure Execution for Linux guests, the ease of use of passphrases, and the improved handling of #EP11 extractable and #CCA exportable keys.

#ibm #linux #linuxonZ #crypto

Pervasive Encryption for Data Volumes

This document describes an infrastructure for encrypting volumes using protected and secure keys for encrypting and decrypting data. This infrastructure for protected volume encryption provides end-to-end protection for data at-rest for Linux on IBM Z and IBM LinuxONE.

Andreas PlachNov 13

The Dev team neighboring my Org is looking for an OpenShift Hypervisor Developer. If you want to become a key member of a dynamic team, you will play a vital role in designing, developing and integrating new Core Virtualization features directly into Layered Products such as OpenShift Virtualization (KubeVirt and Kubernetes).
#RedHat #openshift #ibm #ibmz #linuxonZ #fediHire #fedijobs

https://ibmglobal.avature.net/en_US/careers/JobDetail?jobId=61286&source=WEB_Leadrouting

OpenShift Hypervisor Developer (f/m/x)

IBM
Andreas PlachNov 11

November 12, 2025
IBM TechXchange Virtual Event : free 1-day enterprise computing virtual conference for anyone and everyone! Hear the latest about IBM Z and LinuxONE, and join over 250 industry expert speakers and global thought leaders who will highlight industry trends and innovation spanning AI, Hybrid Cloud, Quantum-Safe Security, and more!

https://community.ibm.com/zsystems/events/ibm-z-day-2025/

#ibm #linux #linuxonZ #ibmz #ai #security

IBM Z Day 2025

IBM Z Day is a free 1-day enterprise computing virtual conference for anyone and everyone! Hear the latest about IBM Z and LinuxONE, and join over 250 industry expert speakers and global thought leaders!

IBM Z and LinuxONE Neighborhood
Andreas PlachOct 1

libzpc - A Protected-Key Cryptographic Library 1.3 + 1.4:

libzpc version 1.3 introduces a new protected key origin called ultravisor retrievable secret. You can use protected keys derived from retrievable secrets for encryption and decryption (AES), and for sign and verify operations (ECC) on an IBM z17.
libzpc version 1.4 supports new types of protected keys from origin retrievable secrets:
full-XTS and HMAC protected keys. New groups of function APIs are provided to run on an IBM z17
to perform operations with these new key types.

https://www.ibm.com/docs/en/linux-on-systems?topic=linuxonibm/lxpc/lxpc_linuxonz.htm

#ibm #linux #LinuxonZ #crypto #ibmz

libzpc - A Protected-Key Cryptographic Library for Linux on IBM Z and IBM LinuxONE

libzpc offers APIs to exploit the high performance of protected-key cryptography in the CPACF without the need to code assembler language. As protected keys are volatile, libzpc provides a mechanism to keep a protected key's effective key as a permanent secure key with the possibility to automatically derive a new protected key whenever required.

Andreas PlachOct 1

Secure Key Solution with the Common Cryptographic Architecture Application Programmer's Guide Version 8.4

With CCA releases 7.6 and 8.4, several verbs now support RSA key sizes in the range 4097 - 8192 bits. Enhanced support is available for verb CSNBT31X for translation of CCA AES PINPROT tokens to TR-31 P0 tokens. CCA Release 8.4 also offers enhanced post-quantum computing support for ML-KEM, pure ML-DSA, and pre-hash ML-DSA algorithms.

https://www.ibm.com/docs/en/linux-on-systems?topic=linuxonibm/lxcc/wskc_cca_linuxonz.htm

#IBM #linux #cca #crypto #LinuxonZ

libzpc - A Protected-Key Cryptographic Library for Linux on IBM Z and IBM LinuxONE

libzpc offers APIs to exploit the high performance of protected-key cryptography in the CPACF without the need to code assembler language. As protected keys are volatile, libzpc provides a mechanism to keep a protected key's effective key as a permanent secure key with the possibility to automatically derive a new protected key whenever required.

Andreas PlachJul 10, 2025

The Network Express adapter and the RoCE Express adapters are network adapters for #IBMz and #LinuxONE hardware. This paper introduces Network Express for #IBM #z17 and LinuxONE 5:

https://www.ibm.com/docs/en/linux-on-systems?topic=adapters-networking-pci-functions

#LinuxonZ #linux

Networking with PCI adapters and functions (RoCE Express, Network Express) on Linux on IBM Z (zSystems, mainframe)

You can use a PCI network adapter to connect an instance of Linux on IBM Z or LinuxONE to an external network.

Andreas PlachJul 10, 2025

A new network adapter is available for #IBM #z17 and new message-security assist (MSA) instructions are provided. With new commands you can display the functions and instructions that are available with CPACF, and retrieve and display memory topology information for LPARs on #ibmz
https://www.ibm.com/docs/en/linux-on-systems?topic=configuration-device-drivers-features-commands

#linux #LinuxONE #LinuxonZ

Device Drivers, Features, and Commands

How you manage the devices on your Linux instance depends on your distribution. Use the applicable version of the device driver and command information for your distribution.

Andreas PlachJul 8, 2025

update of the openCryptoki publication is now available on the external ibm.com/docs site.

- openCryptoki - An Open Source Implementation of PKCS #11

https://www.ibm.com/docs/en/linux-on-systems?topic=11-opencryptoki-version-325

#ibm #linux #crypto #LinuxONE #LinuxonZ

openCryptoki - An Open Source Implementation of PKCS #11 - Guide and Reference

openCryptoki is an open source implementation of the Cryptoki API defined by the PKCS #11 Cryptographic Token Interface Standard.

Andreas PlachApr 24, 2025

Webcast on May 13 to learn about how to unlock the potential of #Linux and #AI with IBM LinuxONE :

- technology overview of IBM LinuxONE
- How the Port of Barcelona manages 70 million tons and 9,000 ships
- Panel discussion with IBM thought leaders in security, efficiency and AI
- How the Belgian Ministry of Finance is handling the needs of 11.7 million citizens

Register here:
https://ibm.webcasts.com/starthere.jsp?ei=1713578

#ibm #LinuxonZ

Unlock the Potential of Linux and AI with IBM LinuxONE - 1713578