[PATCH v3 0/9] kexec_file_load implementation for PowerPC

Balbir Singh bsingharora at gmail.com
Wed Jun 22 23:29:46 AEST 2016


On Tue, 21 Jun 2016 16:48:32 -0300
Thiago Jung Bauermann <bauerman at linux.vnet.ibm.com> wrote:

> Hello,
> 
> This patch series implements the kexec_file_load system call on
> PowerPC.
> 
> This system call moves the reading of the kernel, initrd and the
> device tree from the userspace kexec tool to the kernel. This is
> needed if you want to do one or both of the following:
> 
> 1. only allow loading of signed kernels.
> 2. "measure" (i.e., record the hashes of) the kernel, initrd, kernel
>    command line and other boot inputs for the Integrity Measurement
>    Architecture subsystem.
> 
> The above are the functions kexec already has built into
> kexec_file_load. Yesterday I posted a set of patches which allows a
> third feature:
> 
> 3. have IMA pass-on its event log (where integrity measurements are
>    registered) accross kexec to the second kernel, so that the event
>    history is preserved.

OK.. and this is safe? Do both the kernels need to be signed by the
same certificate?


Balbir Singh


More information about the Linuxppc-dev mailing list