[RFC] Kdump with UEFI secure boot (Re: [PATCH v2] kdump: pass acpi_rsdp= to 2nd kernel for efi booting)

Vivek Goyal vgoyal at redhat.com
Mon Nov 5 13:11:41 EST 2012

On Fri, Nov 02, 2012 at 02:36:11PM -0700, H. Peter Anvin wrote:
> On 10/22/2012 02:15 PM, Eric W. Biederman wrote:
> >>
> >> This is like re-designing the kexec/kdump and I really wish there is
> >> an easier way to handle the case signed kernels.
> > 
> > Yes.  Which is why either a signed puragtory or a signed /sbin/kexec
> > look very attractive.
> > 
> Signed purgatory sounds like The Right Thing.  Doing relocation in
> purgatory should be quite trivial; I'd be happy to work with people if
> they need pointers how to do it.

So we sign purgatory and do the relocations in kernel later after
signature verification?

I have few questions though.

- We modify purgatory (update symbol values) in user space. That allows
  us to build single purgatory and chagne its behavior based on user
  options to kexec-tools (like 16bit vs 32bit entry, updating location
  of backup region etc). In fact purgatory to kernel jump location is
  decided at run time and purgatory is updated accordingly. That means
  we can't sign the purgatory.

  So apart from relocation, user space modification of purgatory code
  is also an issue. 

- Even if we come up with a way to avoid that, so will we not sign
  /sbin/kexec in that case? What happens to other unsigned segments
  loaded by /sbin/kexec. (boot_params, command line, elf headers etc).
  Can these be trusted without any signature.

So I am not sure that just signing the purgatory will solve the issue.


More information about the kexec mailing list