[RFC] Kdump with UEFI secure boot (Re: [PATCH v2] kdump: pass acpi_rsdp= to 2nd kernel for efi booting)

Vivek Goyal vgoyal at redhat.com
Tue Oct 23 13:18:00 EDT 2012

On Tue, Oct 23, 2012 at 08:51:53AM -0700, Eric W. Biederman wrote:

> > purgatory code is modified dynamically upon every invocation of kexec.
> > That means there needs to be a mechanism to sign it after we are done
> > with purgatory modification. But there are no signing keys available
> > on the system. All the signing happens externally during build time. So
> > we don't have the option of signing purgatory at run time.
> Hogwash.
> The only significant modification we make to purgatory is relocation
> processing.  That relocation processing is a convinience, not a
> necessity.  Potentially we could move the relocation processing into
> purgatory itself.

Apart from relocations, we also set some variable values.

- Like entry point of kernel.
- Like address of backup region etc.

And all this information is dynamic and varies based on where memory for
second kernel was reserved. So until and unless we figure out a way to
solve that problem, we can't sign purgatory at build time.


More information about the kexec mailing list