Commit Graph

1 Commits

Author SHA1 Message Date
Baoquan He
3a9200bc9f kexec: Provide an option to use new kexec system call
This is a back port from upstream.

commit 046d1755d2bd723a11a180c265e61a884990712e
Author: Vivek Goyal <vgoyal@redhat.com>
Date:   Mon Aug 18 11:22:32 2014 -0400

    kexec: Provide an option to use new kexec system call

    Hi,

    This is v2 of the patch. Since v1, I moved syscall implemented check littler
    earlier in the function as per the feedback.

    Now a new kexec syscall (kexec_file_load()) has been merged in upstream
    kernel. This system call takes file descriptors of kernel and initramfs
    as input (as opposed to list of segments to be loaded). This new system
    call allows for signature verification of the kernel being loaded.

    One use of signature verification of kernel is secureboot systems where
    we want to allow kexec into a kernel only if it is validly signed by
    a key system trusts.

    This patch provides and option --kexec-file-syscall (-s), to force use of
    new system call for kexec. Default is to continue to use old syscall.

    Currently only bzImage64 on x86_64 can be loaded using this system call.
    As kernel adds support for more arches and for more image types, kexec-tools
    can be modified accordingly.

    Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
    Acked-by: Baoquan He <bhe@redhat.com>
    Signed-off-by: Simon Horman <horms@verge.net.au>

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Baoquan He <bhe@redhat.com>
2014-09-10 10:44:24 +08:00