[RFC] Kdump with UEFI secure boot (Re: [PATCH v2] kdump: pass acpi_rsdp= to 2nd kernel for efi booting)

[Matthew Garrett]

On Thu, Oct 18, 2012 at 03:38:31PM -0400, Vivek Goyal wrote:

> I was thinking that how about supporting in kernel bootloader. That is,
> kernel acts as a boot loader. User passes the kernel, initrd and
> commandline from user space using kexec system call and kernel parses
> it and prepares appropriate memory areas ( ex. boot_params, kernel, initramfs,
> backup region, elf header region etc). At the time of kexec -e, we just
> follow th regular path and jump to second kernel.
> 
> At the time of loading, kernel can verify the signature of incoming
> bzImage and reject it if signatures don't match. Matthew mentioned that
> kernel signing certificate will be available inside the running kernel,
> so verifying PE/COFF bzImage should be easy.

That all sounds fine to me.

> There is one side issue of acpi_rsdp. Because second kernel executes
> the code specified by acpi_rsdp, it is unsafe to let user specify
> that location. Matthew metioned that figure a way out to pass acpi_rsdp
> using boot params and drop it from command line.

That would just be a matter of adding it to the structure and modifying 
drivers/acpi/osl.c.

-- 
Matthew Garrett | mjg59 at srcf.ucam.org