mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-11-01 00:48:50 +00:00
e63bde3d94
All other users of crypto code use 'select' instead of 'depends on', so do the same thing with KEXEC_FILE for consistency. In practice this makes very little difference as kernels with kexec support are very likely to also include some other feature that already selects both crypto and crypto_sha256, but being consistent here helps for usability as well as to avoid potential circular dependencies. This reverts the dependency back to what it was originally before commit74ca317c26("kexec: create a new config option CONFIG_KEXEC_FILE for new syscall"), which changed changed it with the comment "This should be safer as "select" is not recursive", but that appears to have been done in error, as "select" is indeed recursive, and there are no other dependencies that prevent CRYPTO_SHA256 from being selected here. Link: https://lkml.kernel.org/r/20231023110308.1202042-2-arnd@kernel.org Fixes:74ca317c26("kexec: create a new config option CONFIG_KEXEC_FILE for new syscall") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Eric DeVolder <eric_devolder@yahoo.com> Tested-by: Eric DeVolder <eric_devolder@yahoo.com> Acked-by: Baoquan He <bhe@redhat.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: Albert Ou <aou@eecs.berkeley.edu> Cc: Alexander Gordeev <agordeev@linux.ibm.com> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Christian Borntraeger <borntraeger@linux.ibm.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Cc: Conor Dooley <conor@kernel.org> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Heiko Carstens <hca@linux.ibm.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Nicholas Piggin <npiggin@gmail.com> Cc: Palmer Dabbelt <palmer@dabbelt.com> Cc: Paul Walmsley <paul.walmsley@sifive.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Sven Schnelle <svens@linux.ibm.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
150 lines
5.1 KiB
Text
150 lines
5.1 KiB
Text
# SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
menu "Kexec and crash features"
|
|
|
|
config CRASH_CORE
|
|
bool
|
|
|
|
config KEXEC_CORE
|
|
select CRASH_CORE
|
|
bool
|
|
|
|
config KEXEC_ELF
|
|
bool
|
|
|
|
config HAVE_IMA_KEXEC
|
|
bool
|
|
|
|
config KEXEC
|
|
bool "Enable kexec system call"
|
|
depends on ARCH_SUPPORTS_KEXEC
|
|
select KEXEC_CORE
|
|
help
|
|
kexec is a system call that implements the ability to shutdown your
|
|
current kernel, and to start another kernel. It is like a reboot
|
|
but it is independent of the system firmware. And like a reboot
|
|
you can start any kernel with it, not just Linux.
|
|
|
|
The name comes from the similarity to the exec system call.
|
|
|
|
It is an ongoing process to be certain the hardware in a machine
|
|
is properly shutdown, so do not be surprised if this code does not
|
|
initially work for you. As of this writing the exact hardware
|
|
interface is strongly in flux, so no good recommendation can be
|
|
made.
|
|
|
|
config KEXEC_FILE
|
|
bool "Enable kexec file based system call"
|
|
depends on ARCH_SUPPORTS_KEXEC_FILE
|
|
select CRYPTO
|
|
select CRYPTO_SHA256
|
|
select KEXEC_CORE
|
|
help
|
|
This is new version of kexec system call. This system call is
|
|
file based and takes file descriptors as system call argument
|
|
for kernel and initramfs as opposed to list of segments as
|
|
accepted by kexec system call.
|
|
|
|
config KEXEC_SIG
|
|
bool "Verify kernel signature during kexec_file_load() syscall"
|
|
depends on ARCH_SUPPORTS_KEXEC_SIG
|
|
depends on KEXEC_FILE
|
|
help
|
|
This option makes the kexec_file_load() syscall check for a valid
|
|
signature of the kernel image. The image can still be loaded without
|
|
a valid signature unless you also enable KEXEC_SIG_FORCE, though if
|
|
there's a signature that we can check, then it must be valid.
|
|
|
|
In addition to this option, you need to enable signature
|
|
verification for the corresponding kernel image type being
|
|
loaded in order for this to work.
|
|
|
|
config KEXEC_SIG_FORCE
|
|
bool "Require a valid signature in kexec_file_load() syscall"
|
|
depends on ARCH_SUPPORTS_KEXEC_SIG_FORCE
|
|
depends on KEXEC_SIG
|
|
help
|
|
This option makes kernel signature verification mandatory for
|
|
the kexec_file_load() syscall.
|
|
|
|
config KEXEC_IMAGE_VERIFY_SIG
|
|
bool "Enable Image signature verification support (ARM)"
|
|
default ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG
|
|
depends on ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG
|
|
depends on KEXEC_SIG
|
|
depends on EFI && SIGNED_PE_FILE_VERIFICATION
|
|
help
|
|
Enable Image signature verification support.
|
|
|
|
config KEXEC_BZIMAGE_VERIFY_SIG
|
|
bool "Enable bzImage signature verification support"
|
|
depends on ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
|
|
depends on KEXEC_SIG
|
|
depends on SIGNED_PE_FILE_VERIFICATION
|
|
select SYSTEM_TRUSTED_KEYRING
|
|
help
|
|
Enable bzImage signature verification support.
|
|
|
|
config KEXEC_JUMP
|
|
bool "kexec jump"
|
|
depends on ARCH_SUPPORTS_KEXEC_JUMP
|
|
depends on KEXEC && HIBERNATION
|
|
help
|
|
Jump between original kernel and kexeced kernel and invoke
|
|
code in physical address mode via KEXEC
|
|
|
|
config CRASH_DUMP
|
|
bool "kernel crash dumps"
|
|
depends on ARCH_SUPPORTS_CRASH_DUMP
|
|
select CRASH_CORE
|
|
select KEXEC_CORE
|
|
help
|
|
Generate crash dump after being started by kexec.
|
|
This should be normally only set in special crash dump kernels
|
|
which are loaded in the main kernel with kexec-tools into
|
|
a specially reserved region and then later executed after
|
|
a crash by kdump/kexec. The crash dump kernel must be compiled
|
|
to a memory address not used by the main kernel or BIOS using
|
|
PHYSICAL_START, or it must be built as a relocatable image
|
|
(CONFIG_RELOCATABLE=y).
|
|
For more details see Documentation/admin-guide/kdump/kdump.rst
|
|
|
|
For s390, this option also enables zfcpdump.
|
|
See also <file:Documentation/arch/s390/zfcpdump.rst>
|
|
|
|
config CRASH_HOTPLUG
|
|
bool "Update the crash elfcorehdr on system configuration changes"
|
|
default y
|
|
depends on CRASH_DUMP && (HOTPLUG_CPU || MEMORY_HOTPLUG)
|
|
depends on ARCH_SUPPORTS_CRASH_HOTPLUG
|
|
help
|
|
Enable direct update to the crash elfcorehdr (which contains
|
|
the list of CPUs and memory regions to be dumped upon a crash)
|
|
in response to hot plug/unplug or online/offline of CPUs or
|
|
memory. This is a much more advanced approach than userspace
|
|
attempting that.
|
|
|
|
If unsure, say Y.
|
|
|
|
config CRASH_MAX_MEMORY_RANGES
|
|
int "Specify the maximum number of memory regions for the elfcorehdr"
|
|
default 8192
|
|
depends on CRASH_HOTPLUG
|
|
help
|
|
For the kexec_file_load() syscall path, specify the maximum number of
|
|
memory regions that the elfcorehdr buffer/segment can accommodate.
|
|
These regions are obtained via walk_system_ram_res(); eg. the
|
|
'System RAM' entries in /proc/iomem.
|
|
This value is combined with NR_CPUS_DEFAULT and multiplied by
|
|
sizeof(Elf64_Phdr) to determine the final elfcorehdr memory buffer/
|
|
segment size.
|
|
The value 8192, for example, covers a (sparsely populated) 1TiB system
|
|
consisting of 128MiB memblocks, while resulting in an elfcorehdr
|
|
memory buffer/segment size under 1MiB. This represents a sane choice
|
|
to accommodate both baremetal and virtual machine configurations.
|
|
|
|
For the kexec_load() syscall path, CRASH_MAX_MEMORY_RANGES is part of
|
|
the computation behind the value provided through the
|
|
/sys/kernel/crash_elfcorehdr_size attribute.
|
|
|
|
endmenu
|