Andreas PlachThe team has published a new guide to setup Red Hat Openshift Container Platform (RHOCP) on Red Hat OpenShift Virtualization (RHOCPV) with IBM Z
https://community.ibm.com/community/user/blogs/klaus-smolin/2026/05/18/deploying-rhocp-on-rhocpv
libzpc - A Protected-Key Cryptographic Library
https://www.ibm.com/docs/en/linux-on-systems?topic=library-libzpc-15
There is one enhancement in the libzpc 1.5 version:
libzpc 1.5 now reacts to a verification pattern mismatch caused by live guest relocation or migration by re-creating the protected keys from the key material it was derived from.
libzpc - A Protected-Key Cryptographic Library
libzpc offers APIs to exploit the high performance of protected-key cryptography in the CPACF without the need to code assembler language. As protected keys are volatile, libzpc provides a mechanism to keep a protected key's effective key as a permanent secure key with the possibility to automatically derive a new protected key whenever required.
There are three new guides around Crypto and Linux on IBM Z.
You can find the publication here:
Set up openCryptoki : https://www.ibm.com/docs/en/solution-assurance?topic=security-set-up-apache-http-server-pkcs11-providers
Set up an Apache HTTP Server with PKCS#11 providers : https://www.ibm.com/docs/en/solution-assurance?topic=security-set-up-apache-http-server-pkcs11-providers
Set up an nginx web server with PKCS#11 providers : https://www.ibm.com/docs/en/solution-assurance?topic=security-set-up-nginx-web-server-pkcs11-providers
An update to the publication:
"Pervasive Encryption for Data Volumes"
is now available on
https://www.ibm.com/docs/en/linuxonibm/lxdc/lxdc_linuxonz.html
The main enhancements are the support for retrievable secrets on IBM Secure Execution for Linux guests, the ease of use of passphrases, and the improved handling of #EP11 extractable and #CCA exportable keys.
Pervasive Encryption for Data Volumes
This document describes an infrastructure for encrypting volumes using protected and secure keys for encrypting and decrypting data. This infrastructure for protected volume encryption provides end-to-end protection for data at-rest for Linux on IBM Z and IBM LinuxONE.
The Dev team neighboring my Org is looking for an OpenShift Hypervisor Developer. If you want to become a key member of a dynamic team, you will play a vital role in designing, developing and integrating new Core Virtualization features directly into Layered Products such as OpenShift Virtualization (KubeVirt and Kubernetes).
#RedHat #openshift #ibm #ibmz #linuxonZ #fediHire #fedijobs
https://ibmglobal.avature.net/en_US/careers/JobDetail?jobId=61286&source=WEB_Leadrouting
November 12, 2025
IBM TechXchange Virtual Event : free 1-day enterprise computing virtual conference for anyone and everyone! Hear the latest about IBM Z and LinuxONE, and join over 250 industry expert speakers and global thought leaders who will highlight industry trends and innovation spanning AI, Hybrid Cloud, Quantum-Safe Security, and more!
libzpc - A Protected-Key Cryptographic Library 1.3 + 1.4:
libzpc version 1.3 introduces a new protected key origin called ultravisor retrievable secret. You can use protected keys derived from retrievable secrets for encryption and decryption (AES), and for sign and verify operations (ECC) on an IBM z17.
libzpc version 1.4 supports new types of protected keys from origin retrievable secrets:
full-XTS and HMAC protected keys. New groups of function APIs are provided to run on an IBM z17
to perform operations with these new key types.
https://www.ibm.com/docs/en/linux-on-systems?topic=linuxonibm/lxpc/lxpc_linuxonz.htm
libzpc - A Protected-Key Cryptographic Library for Linux on IBM Z and IBM LinuxONE
libzpc offers APIs to exploit the high performance of protected-key cryptography in the CPACF without the need to code assembler language. As protected keys are volatile, libzpc provides a mechanism to keep a protected key's effective key as a permanent secure key with the possibility to automatically derive a new protected key whenever required.
Secure Key Solution with the Common Cryptographic Architecture Application Programmer's Guide Version 8.4
With CCA releases 7.6 and 8.4, several verbs now support RSA key sizes in the range 4097 - 8192 bits. Enhanced support is available for verb CSNBT31X for translation of CCA AES PINPROT tokens to TR-31 P0 tokens. CCA Release 8.4 also offers enhanced post-quantum computing support for ML-KEM, pure ML-DSA, and pre-hash ML-DSA algorithms.
https://www.ibm.com/docs/en/linux-on-systems?topic=linuxonibm/lxcc/wskc_cca_linuxonz.htm
libzpc - A Protected-Key Cryptographic Library for Linux on IBM Z and IBM LinuxONE
libzpc offers APIs to exploit the high performance of protected-key cryptography in the CPACF without the need to code assembler language. As protected keys are volatile, libzpc provides a mechanism to keep a protected key's effective key as a permanent secure key with the possibility to automatically derive a new protected key whenever required.
The Network Express adapter and the RoCE Express adapters are network adapters for #IBMz and #LinuxONE hardware. This paper introduces Network Express for #IBM #z17 and LinuxONE 5:
https://www.ibm.com/docs/en/linux-on-systems?topic=adapters-networking-pci-functions
A new network adapter is available for #IBM #z17 and new message-security assist (MSA) instructions are provided. With new commands you can display the functions and instructions that are available with CPACF, and retrieve and display memory topology information for LPARs on #ibmz
https://www.ibm.com/docs/en/linux-on-systems?topic=configuration-device-drivers-features-commands