[RFC 0/3] Add support for kexec_file_load

Sat Sep 10 05:26:09 AEST 2016

Secure and trusted boot on POWER relies on the use of kexec_file_load over
kexec_load, for uses such as kernel/initrd signature verification and
measurement[1]. This patch set defines a new configuration option for toggling
which syscall is used, or more specifically, which parameter is passed to
kexec-{tools,lite}[2].

This is a preliminary version of the patches, intended to gather feedback and
thoughts on the location of the configuration option. Currently, the option
is included as a system-level config option, rather than an individual boot
option. The thought is to have a top-level "default" option, that could be
overrided in a per-boot config option.

Furthermore, there should be some check to ensure that the syscall is available
in both the running kernel and the kexec binary. Implementations of these
checks are forthcoming.

Thanks,
Eric Richter

[1] See the following patches for kexec_file_load on POWER:
https://lists.infradead.org/pipermail/kexec/2016-August/016960.html
relevant IMA hooks were included in 4.6

[2] Kexec-tools uses -s for kexec_file_load. Neither upstream -tools nor -lite
implement this for POWER, though I have an implementation for the latter here:
https://github.com/erichte-ibm/kexec-lite/tree/kexec-file-load

Eric Richter (3):
  lib: Add system config option to enable kexec_file_load
  boot/pb-discover: Use kexec_method config option to determine kexec
    syscall
  ui/ncurses: Add system config checkbox to enable kexec_file load

 discover/boot.c               |  6 ++++--
 discover/boot.h               |  1 +
 lib/pb-protocol/pb-protocol.c |  9 +++++++++
 lib/types/types.h             |  2 ++
 ui/ncurses/nc-config.c        | 22 +++++++++++++++++++++-
 5 files changed, 37 insertions(+), 3 deletions(-)

-- 
2.7.4