On 11/20/19 at 01:35pm, Dave Young wrote:
Hi Lianbo,
On 11/19/19 at 05:10pm, Lianbo Jiang wrote:
> Currently, kernel enabled the kexec_file_load() syscall on x86_64
> by default, so lets align it for kexec tools.
The description does not explain why this patch is needed.
It is enabled by default long time ago, that means both kexec_file_load
and kexec_load are enabled in kernel, why we move to kexec_file now?
What is the advantage and why it is safe now etc.
Btw, there should be some test data, eg. i386, x86_64, Secure Boot and
non Secure Boot, UEFI and non UEFI. Probably only for Fedora kernel no
Also need to test signed kernel and non-signed kernel..
need to do kconfig options test. But if for upstream kernel need
think
about several combination of kconfigs, eg. # CONFIG_KEXEC_SIG_FORCE is not set
CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y =n
CONFIG_KEXEC_SIG_FORCE=y or =n
>
> Signed-off-by: Lianbo Jiang <lijiang(a)redhat.com>
> ---
> kdump-lib.sh | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/kdump-lib.sh b/kdump-lib.sh
> index f393c76b9cbb..89cb08850924 100755
> --- a/kdump-lib.sh
> +++ b/kdump-lib.sh
> @@ -598,10 +598,18 @@ need_64bit_headers()
> # is 1 and SetupMode is 0, then secure boot is being enforced.
> #
> # Assume efivars is mounted at /sys/firmware/efi/efivars.
> +#
> +# Currently, kernel enabled the kexec_file_load on x86_64 by default, so
> +# lets align it.
> is_secure_boot_enforced()
> {
> local secure_boot_file setup_mode_file
> local secure_boot_byte setup_mode_byte
> + local arch_name=`uname -m`
> +
> + if [ "$arch_name" == "x86_64" ]; then
> + return 0
> + fi
Secure Boot is used on X86_64 only, if above change is good, then just
drop the secure_boot* stuff.
Add a new function
use_kexec_file_load()
and in the function just returnn true in case x86_64
>
> secure_boot_file=$(find /sys/firmware/efi/efivars -name SecureBoot-*
2>/dev/null)
> setup_mode_file=$(find /sys/firmware/efi/efivars -name SetupMode-*
2>/dev/null)
> --
> 2.17.1
> _______________________________________________
> kexec mailing list -- kexec(a)lists.fedoraproject.org
> To unsubscribe send an email to kexec-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/kexec@lists.fedoraproject.org
Thanks
Dave