diff options
| author | Vivek Goyal <vgoyal@redhat.com> | 2014-08-18 11:22:32 -0400 |
|---|---|---|
| committer | Simon Horman <horms@verge.net.au> | 2014-08-27 16:59:04 +0900 |
| commit | 046d1755d2bd723a11a180c265e61a884990712e (patch) | |
| tree | af5fab084733aeada0dc6f067dd240fb35144e75 /kexec/kexec.h | |
| parent | 943ba35f8143408d8ada9a24d0986663cc612df9 (diff) | |
kexec: Provide an option to use new kexec system call
Hi,
This is v2 of the patch. Since v1, I moved syscall implemented check littler
earlier in the function as per the feedback.
Now a new kexec syscall (kexec_file_load()) has been merged in upstream
kernel. This system call takes file descriptors of kernel and initramfs
as input (as opposed to list of segments to be loaded). This new system
call allows for signature verification of the kernel being loaded.
One use of signature verification of kernel is secureboot systems where
we want to allow kexec into a kernel only if it is validly signed by
a key system trusts.
This patch provides and option --kexec-file-syscall (-s), to force use of
new system call for kexec. Default is to continue to use old syscall.
Currently only bzImage64 on x86_64 can be loaded using this system call.
As kernel adds support for more arches and for more image types, kexec-tools
can be modified accordingly.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Diffstat (limited to 'kexec/kexec.h')
| -rw-r--r-- | kexec/kexec.h | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/kexec/kexec.h b/kexec/kexec.h index 2fad7dc..4be2b2f 100644 --- a/kexec/kexec.h +++ b/kexec/kexec.h @@ -156,6 +156,13 @@ struct kexec_info { unsigned long kexec_flags; unsigned long backup_src_start; unsigned long backup_src_size; + /* Set to 1 if we are using kexec file syscall */ + unsigned long file_mode :1; + + /* Filled by kernel image processing code */ + int initrd_fd; + char *command_line; + int command_line_len; }; struct arch_map_entry { @@ -207,6 +214,7 @@ extern int file_types; #define OPT_UNLOAD 'u' #define OPT_TYPE 't' #define OPT_PANIC 'p' +#define OPT_KEXEC_FILE_SYSCALL 's' #define OPT_MEM_MIN 256 #define OPT_MEM_MAX 257 #define OPT_REUSE_INITRD 258 @@ -230,9 +238,10 @@ extern int file_types; { "mem-min", 1, 0, OPT_MEM_MIN }, \ { "mem-max", 1, 0, OPT_MEM_MAX }, \ { "reuseinitrd", 0, 0, OPT_REUSE_INITRD }, \ + { "kexec-file-syscall", 0, 0, OPT_KEXEC_FILE_SYSCALL }, \ { "debug", 0, 0, OPT_DEBUG }, \ -#define KEXEC_OPT_STR "h?vdfxluet:p" +#define KEXEC_OPT_STR "h?vdfxluet:ps" extern void dbgprint_mem_range(const char *prefix, struct memory_range *mr, int nr_mr); extern void die(const char *fmt, ...) |