[PATCH V2] kexec: Provide an option to use new kexec system call

Simon Horman horms at verge.net.au
Wed Aug 27 00:59:37 PDT 2014


On Tue, Aug 26, 2014 at 10:30:34AM -0400, Vivek Goyal wrote:
> On Mon, Aug 18, 2014 at 11:22:32AM -0400, Vivek Goyal wrote:
> > Hi,
> > 
> > This is v2 of the patch. Since v1, I moved syscall implemented check littler
> > earlier in the function as per the feedback.
> > 
> > Now a new kexec syscall (kexec_file_load()) has been merged in upstream
> > kernel. This system call takes file descriptors of kernel and initramfs
> > as input (as opposed to list of segments to be loaded). This new system
> > call allows for signature verification of the kernel being loaded.
> > 
> > One use of signature verification of kernel is secureboot systems where
> > we want to allow kexec into a kernel only if it is validly signed by
> > a key system trusts.
> > 
> > This patch provides and option --kexec-file-syscall (-s), to force use of
> > new system call for kexec. Default is to continue to use old syscall.
> > 
> > Currently only bzImage64 on x86_64 can be loaded using this system call.
> > As kernel adds support for more arches and for more image types, kexec-tools
> > can be modified accordingly.
> > 
> 
> Hi Simon,
> 
> Do you have any concerns with this patch? If not, can you please consider
> it for merge.

Thanks, applied.



More information about the kexec mailing list