[PATCH V2] kexec: Provide an option to use new kexec system call
Simon Horman
horms at verge.net.au
Wed Aug 27 07:04:45 PDT 2014
On Wed, Aug 27, 2014 at 09:04:39AM -0400, Vivek Goyal wrote:
> On Wed, Aug 27, 2014 at 04:59:37PM +0900, Simon Horman wrote:
> > On Tue, Aug 26, 2014 at 10:30:34AM -0400, Vivek Goyal wrote:
> > > On Mon, Aug 18, 2014 at 11:22:32AM -0400, Vivek Goyal wrote:
> > > > Hi,
> > > >
> > > > This is v2 of the patch. Since v1, I moved syscall implemented check littler
> > > > earlier in the function as per the feedback.
> > > >
> > > > Now a new kexec syscall (kexec_file_load()) has been merged in upstream
> > > > kernel. This system call takes file descriptors of kernel and initramfs
> > > > as input (as opposed to list of segments to be loaded). This new system
> > > > call allows for signature verification of the kernel being loaded.
> > > >
> > > > One use of signature verification of kernel is secureboot systems where
> > > > we want to allow kexec into a kernel only if it is validly signed by
> > > > a key system trusts.
> > > >
> > > > This patch provides and option --kexec-file-syscall (-s), to force use of
> > > > new system call for kexec. Default is to continue to use old syscall.
> > > >
> > > > Currently only bzImage64 on x86_64 can be loaded using this system call.
> > > > As kernel adds support for more arches and for more image types, kexec-tools
> > > > can be modified accordingly.
> > > >
> > >
> > > Hi Simon,
> > >
> > > Do you have any concerns with this patch? If not, can you please consider
> > > it for merge.
> >
> > Thanks, applied.
>
> Thanks Simon. Have you pushed it out yet. git pull does not show anything.
It seems not. I have done so now.
More information about the kexec
mailing list