kexec-tools/dracut-early-kdump.sh
Coiby Xu 24020b226a powerpc: update kdumpctl to load kernel signing key for fadump
Resolves: https://issues.redhat.com/browse/RHEL-14003
Upstream: Fedora
Conflict: None

commit 4fa17b2ee4
Author: Nayna Jain <nayna@linux.ibm.com>
Date:   Tue Oct 3 23:41:47 2023 -0400

    powerpc: update kdumpctl to load kernel signing key for fadump

    On secure boot enabled systems with static keys, kexec with kexec_file_load(-s)
    fails as "Permission Denied" when fadump is enabled.

    Similar to kdump, load kernel signing key for fadump as well.

    Reported-by: Sachin P Bappalige <sachinpb@linux.vnet.ibm.com>
    Signed-off-by: Nayna Jain <nayna@linux.ibm.com>

Signed-off-by: Coiby Xu <coxu@redhat.com>
2023-11-08 01:36:58 +00:00

80 lines
1.8 KiB
Bash
Executable File

#! /bin/sh
KEXEC=/sbin/kexec
standard_kexec_args="-p"
EARLY_KDUMP_INITRD=""
EARLY_KDUMP_KERNEL=""
EARLY_KDUMP_CMDLINE=""
EARLY_KDUMP_KERNELVER=""
EARLY_KEXEC_ARGS=""
. /etc/sysconfig/kdump
. /lib/dracut-lib.sh
. /lib/kdump-lib.sh
. /lib/kdump-logger.sh
# initiate the kdump logger
if ! dlog_init; then
echo "failed to initiate the kdump logger."
exit 1
fi
prepare_parameters()
{
EARLY_KDUMP_CMDLINE=$(prepare_cmdline "${KDUMP_COMMANDLINE}" "${KDUMP_COMMANDLINE_REMOVE}" "${KDUMP_COMMANDLINE_APPEND}")
EARLY_KDUMP_KERNEL="/boot/kernel-earlykdump"
EARLY_KDUMP_INITRD="/boot/initramfs-earlykdump"
}
early_kdump_load()
{
if ! check_kdump_feasibility; then
return 1
fi
if is_fadump_capable; then
dwarn "WARNING: early kdump doesn't support fadump."
return 1
fi
if is_kernel_loaded "kdump"; then
return 1
fi
prepare_parameters
EARLY_KEXEC_ARGS=$(prepare_kexec_args "${KEXEC_ARGS}")
# Here, only output the messages, but do not save these messages
# to a file because the target disk may not be mounted yet, the
# earlykdump is too early.
ddebug "earlykdump: $KEXEC ${EARLY_KEXEC_ARGS} $standard_kexec_args \
--command-line=$EARLY_KDUMP_CMDLINE --initrd=$EARLY_KDUMP_INITRD \
$EARLY_KDUMP_KERNEL"
if $KEXEC $EARLY_KEXEC_ARGS $standard_kexec_args \
--command-line="$EARLY_KDUMP_CMDLINE" \
--initrd=$EARLY_KDUMP_INITRD $EARLY_KDUMP_KERNEL; then
dinfo "kexec: loaded early-kdump kernel"
return 0
else
derror "kexec: failed to load early-kdump kernel"
return 1
fi
}
set_early_kdump()
{
if getargbool 0 rd.earlykdump; then
dinfo "early-kdump is enabled."
early_kdump_load
else
dinfo "early-kdump is disabled."
fi
return 0
}
set_early_kdump