[RFC] Kdump with UEFI secure boot (Re: [PATCH v2] kdump: pass acpi_rsdp= to 2nd kernel for efi booting)
vgoyal at redhat.com
Tue Oct 23 13:18:00 EDT 2012
On Tue, Oct 23, 2012 at 08:51:53AM -0700, Eric W. Biederman wrote:
> > purgatory code is modified dynamically upon every invocation of kexec.
> > That means there needs to be a mechanism to sign it after we are done
> > with purgatory modification. But there are no signing keys available
> > on the system. All the signing happens externally during build time. So
> > we don't have the option of signing purgatory at run time.
> The only significant modification we make to purgatory is relocation
> processing. That relocation processing is a convenience, not a
> necessity. Potentially we could move the relocation processing into
> purgatory itself.
Apart from relocations, we also set some variable values.
- Like entry point of kernel.
- Like address of backup region etc.
And all this information is dynamic and varies based on where memory for
second kernel was reserved. So until and unless we figure out a way to
solve that problem, we can't sign purgatory at build time.
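
The point argued in this message, as an added example that is not part of the original email and is not kexec-tools code: a toy image is digested at build time and then patched at load time the way the thread describes, showing which words change and that the build-time digest stops matching even when the loader skips relocation fixups. The image layout, offsets, slot names and addresses are all constructed for illustration.

```python
import hashlib
import struct

# Constructed toy layout, NOT the real purgatory format:
#   0x00-0x0f code, 0x10 absolute pointer needing relocation, 0x18 code,
#   0x20 slot for the second kernel's entry point, 0x28 slot for the backup region address.
RELOC_SITES = [0x10]
VAR_SLOTS = {"kernel_entry": 0x20, "backup_start": 0x28}


def build_image():
    """Image as it leaves the build system, where signing would happen."""
    img = bytearray(b"\x90" * 0x30)
    struct.pack_into("<Q", img, 0x10, 0x18)  # image-relative offset, fixed up at load
    return bytes(img)


def load_image(image, load_base, apply_relocs=True, **variables):
    """Patch the image at load time: optional relocation fixups plus variable slots."""
    img = bytearray(image)
    if apply_relocs:
        for site in RELOC_SITES:
            (offset,) = struct.unpack_from("<Q", img, site)
            struct.pack_into("<Q", img, site, load_base + offset)
    for name, value in variables.items():
        struct.pack_into("<Q", img, VAR_SLOTS[name], value)
    return bytes(img)


def digest(image):
    return hashlib.sha256(image).hexdigest()


def changed_words(before, after):
    """Offsets of the 8-byte words that differ between two images."""
    return [o for o in range(0, len(before), 8) if before[o:o + 8] != after[o:o + 8]]


BUILD = build_image()
BUILD_DIGEST = digest(BUILD)
# Two boots with different reserved regions (constructed addresses).
BOOT_A = load_image(BUILD, 0x2000000, kernel_entry=0x2100000, backup_start=0x2090000)
BOOT_B = load_image(BUILD, 0x3000000, kernel_entry=0x3100000, backup_start=0x3090000)
# Relocation processing moved out of the loader; variable slots are still written.
NO_RELOC = load_image(BUILD, 0x2000000, apply_relocs=False,
                      kernel_entry=0x2100000, backup_start=0x2090000)

if __name__ == "__main__":
    for label, img in (("boot A", BOOT_A), ("boot B", BOOT_B), ("no relocs", NO_RELOC)):
        print(label, [hex(o) for o in changed_words(BUILD, img)],
              "digest matches build:", digest(img) == BUILD_DIGEST)
```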