kdumpctl: Use kexec file based syscall for secureboot enabled machines

Now kexec file based syscall can be used with secureboot enabled machines.
Automatically switch to using new syscall if secureboot is enabled on the
machine.

Also remove the old message where kdump service failed if secureboot is
enabled. That's not the case anymore.

v2:
  Renamed "secureboot" to "Secure Boot" in user visible message.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
This commit is contained in:
Vivek Goyal 2014-09-08 11:35:22 -04:00 committed by Baoquan He
parent d301d5e542
commit 38329992fe

View File

@ -433,6 +433,14 @@ load_kdump()
KDUMP_COMMANDLINE=`prepare_cmdline` KDUMP_COMMANDLINE=`prepare_cmdline`
# For secureboot enabled machines, use new kexec file based syscall.
# Old syscall will always fail as it does not have capability to
# to kernel signature verification.
if is_secure_boot_enforced; then
echo "Secure Boot is enabled. Using kexec file based syscall."
KEXEC_ARGS="$KEXEC_ARGS -s"
fi
$KEXEC $KEXEC_ARGS $standard_kexec_args \ $KEXEC $KEXEC_ARGS $standard_kexec_args \
--command-line="$KDUMP_COMMANDLINE" \ --command-line="$KDUMP_COMMANDLINE" \
--initrd=$TARGET_INITRD $kdump_kernel --initrd=$TARGET_INITRD $kdump_kernel
@ -702,11 +710,6 @@ is_secure_boot_enforced()
check_kdump_feasibility() check_kdump_feasibility()
{ {
if is_secure_boot_enforced; then
echo "Secure Boot is Enabled. Kdump service can't be started. Disable Secure Boot and retry"
return 1;
fi
if [ ! -e /sys/kernel/kexec_crash_loaded ]; then if [ ! -e /sys/kernel/kexec_crash_loaded ]; then
echo "Kdump is not supported on this kernel" echo "Kdump is not supported on this kernel"
return 1 return 1