[PATCH v4 5/5] kexec: document -s, -c and -a options.
Dave Young
dyoung at redhat.com
Wed Mar 14 00:50:31 PDT 2018
On 03/14/18 at 08:25am, Michal Suchánek wrote:
> On Wed, 14 Mar 2018 11:41:30 +0800
> Dave Young <dyoung at redhat.com> wrote:
>
> > On 03/06/18 at 02:15pm, Michal Suchanek wrote:
> > > Signed-off-by: Michal Suchanek <msuchanek at suse.de>
> > > ---
> > > kexec/kexec.8 | 15 +++++++++++++++
> > > 1 file changed, 15 insertions(+)
> > >
> > > diff --git a/kexec/kexec.8 b/kexec/kexec.8
> > > index e0131b4ea827..b3543db3f413 100644
> > > --- a/kexec/kexec.8
> > > +++ b/kexec/kexec.8
> > > @@ -144,6 +144,21 @@ Load the new kernel for use on panic.
> > > Specify that the new kernel is of this
> > > .I type.
> > > .TP
> > > +.BI \-s\ (\-\-kexec-file-syscall)
> > > +Specify that the new KEXEC_FILE_LOAD syscall should be used
> > > exclusively.
> >
> > Maybe better to be simple like below:
> > "Use kexec_file_load syscall to load the new kernel."
> >
> >
> > > +.TP
> > > +.BI \-c\ (\-\-kexec-syscall)
> > > +Specify that the old KEXEC_LOAD syscall should be used exclusively
> > > (the default).
> >
> > similarly:
> > "Use kexec_load syscall to load the new kernel."
> >
> > > +.TP
> > > +.BI \-a\ (\-\-kexec-syscall-auto)
> > > +Try the new simpler KEXEC_FILE_LOAD syscall first and if it is not
> > > supported +fall back to the old KEXEC_LOAD interface.
> > > +
> > > +There is no one single interface that always works.
> > > KEXEC_FILE_LOAD is required +on systems that use locked-down secure
> > > boot to verify the kernel signature. +KEXEC_LOAD is required for
> > > some kernel image formats and on architectures that +do not support
> > > KEXEC_FILE_LOAD.
> >
> > It seems not good to say kexec_file_load is simpler and newer. Also
> > it is not a must for Secure Boot and locked down kernel only. So it
> > would be better to just simplify and use the first paragraph:
> >
> > "Try kexec_file_load syscall first and if it is not supported fall
> > back to the kexec_load syscall"
>
> There was a request for explanation so just the first paragraph will
> not do. What is it required for other than secure boot?
People can use kexec -s to load a signed kernel but not necessary to
boot with Secure Boot enabled.
There is no Secure Boot in powerpc, arm64 now.
>
> Thanks
>
> Michal
More information about the kexec
mailing list