[PATCH v3 0/9] kexec_file_load implementation for PowerPC
Balbir Singh
bsingharora at gmail.com
Wed Jun 22 23:29:46 AEST 2016
On Tue, 21 Jun 2016 16:48:32 -0300
Thiago Jung Bauermann <bauerman at linux.vnet.ibm.com> wrote:
> Hello,
>
> This patch series implements the kexec_file_load system call on
> PowerPC.
>
> This system call moves the reading of the kernel, initrd and the
> device tree from the userspace kexec tool to the kernel. This is
> needed if you want to do one or both of the following:
>
> 1. only allow loading of signed kernels.
> 2. "measure" (i.e., record the hashes of) the kernel, initrd, kernel
> command line and other boot inputs for the Integrity Measurement
> Architecture subsystem.
>
> The above are the functions kexec already has built into
> kexec_file_load. Yesterday I posted a set of patches which allows a
> third feature:
>
> 3. have IMA pass-on its event log (where integrity measurements are
> registered) accross kexec to the second kernel, so that the event
> history is preserved.
OK.. and this is safe? Do both the kernels need to be signed by the
same certificate?
Balbir Singh
More information about the Linuxppc-dev
mailing list