Support Content Notification - Support Portal

ACTION REQUIRED: Security Changes for Signed and Unsigned SMP/E Packages

Product/Component

Resource Initialization Manager(Comm)

Notification Id

36236

Last Updated

27 October 2025

Initial Publication Date

27 October 2025

Broadcom mainframe software products provide digitally signed receive order and service order PTF packages. Broadcom is in the process of signing Portable Software Instance (PSWI) packages. Any new PSWIs that become generally available after August 26, 2025 will be signed.

Package signing offers important security, trust, and integrity benefits. Using signed packages is a secure method to download packages because you can verify the digital signature before you add the package to your environment.

IBM has published PTFs that require the validation of digitally signed SMP/E packages. In addtion, it will no longer download or consume unsigned GIMZIP packages by default.

Warning: These SMP/E changes will cause Broadcom signed and unsigned packages to fail on the download. Before you apply the IBM PTFs that enhance SMP/E, you must take the actions noted in this communication.

Actions Required

The SMP/E GIMZIP enhancement requires changes to your security configuration for both signed and unsigned packages.

IBM PTFs

The following PTFs include the GIMZIP enhancements:

HMP1K00 = UO05209
HSMA254 = UO05212
HSMA314 = UO05211
HSMA324 = UO05210

Affected Services

Package Type	Signed	Required Configuration Steps
Receive Order	Yes	Download the signing certificate, add the certificate to the keyring, and add signing keyring to your JCL. See Prepare for Signed Package Verification.
Service Order	Yes	Download the signing certificate, add the certificate to the keyring, and add signining keyring to your JCL. See Prepare for Signed Package Verification.
z/OSMF Portable Software Instance (PSWI) Packages	* In Progress	Download the signing certificate and add the certificate to the keyring. You will also need to add security permissions to bypass signing validation. If your package is signed, see Prepare for Signed Package Verification. If your package is unsigned, see Prepare for Unsigned Packages. * Only PSWIs released after August 26, 2025 will be signed.
Classic SMP/E JCL Packages	No	Add security permissions to bypass signing validation. See Prepare for Unsigned Packages.
PTF Downloads from Support Portal	No	No security changes required.

For background details, see Manage Packaging Signing in the Mainframe Common Maintenance Procedures Tech Docs site.