Hey Pingfan,
hope the mail is readable. Unfortunately it's the best HyperKitty
allows when you are not subscribed on the list...
On s390, if Secure-IPL is enabled, then "kexec -s -l" is
required.
Otherwise kdump kernel can not be loaded.
Signed-off-by: Pingfan Liu <piliu(a)redhat.com>
---
kdump-lib.sh | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/kdump-lib.sh b/kdump-lib.sh
index e18c473..e24f74f 100755
--- a/kdump-lib.sh
+++ b/kdump-lib.sh
@@ -612,6 +612,7 @@ is_secure_boot_enforced()
return 0
fi
+ # Detect secure boot on x86 and arm64
secure_boot_file=$(find /sys/firmware/efi/efivars -name SecureBoot-* 2>/dev/null)
setup_mode_file=$(find /sys/firmware/efi/efivars -name SetupMode-* 2>/dev/null)
@@ -624,6 +625,12 @@ is_secure_boot_enforced()
fi
fi
+ # Detect secure boot on s390x
+ if [[ -e "/sys/firmware/ipl/has_secure" && "$(cat
/sys/firmware/ipl/has_secure)" == "1" \
+ && -e "/sys/firmware/ipl/secure" && "$(cat
/sys/firmware/ipl/secure)" == "1" ]]; then
+ return 0
+ fi
As said off-list the check for has_secure isn't strictly needed as it only shows if
a machine is capable of secure boot. Thus when a system was booted with
secure boot (secure=1) the machine must also support secure boot, i.e.
has_secure=1 (everything else is a bug in the kernel or below).
Anyway the patch looks good and should work.
Thanks
Philipp
+
return 1
}
--
2.7.5