[RFC 0/3] Add support for kexec_file_load

Eric Richter erichte at linux.vnet.ibm.com
Tue Sep 13 23:55:10 AEST 2016



On 09/12/2016 07:47 PM, Samuel Mendoza-Jonas wrote:
> On Fri, 2016-09-09 at 14:26 -0500, Eric Richter wrote:
>> Secure and trusted boot on POWER relies on the use of kexec_file_load over
>> kexec_load, for uses such as kernel/initrd signature verification and
>> measurement[1]. This patch set defines a new configuration option for toggling
>> which syscall is used, or more specifically, which parameter is passed to
>> kexec-{tools,lite}[2].
>>
>> This is a preliminary version of the patches, intended to gather feedback and
>> thoughts on the location of the configuration option. Currently, the option
>> is included as a system-level config option, rather than an individual boot
>> option. The thought is to have a top-level "default" option, that could be
>> overridden in a per-boot config option.
>>
>> Furthermore, there should be some check to ensure that the syscall is available
>> in both the running kernel and the kexec binary. Implementations of these
>> checks are forthcoming.
>>
>>
>> Thanks,
>> Eric Richter
>>
>>
>> [1] See the following patches for kexec_file_load on POWER:
>> https://lists.infradead.org/pipermail/kexec/2016-August/016960.html
>> relevant IMA hooks were included in 4.6
>>
>> [2] Kexec-tools uses -s for kexec_file_load. Neither upstream -tools nor -lite
>> implement this for POWER, though I have an implementation for the latter here:
>> https://github.com/erichte-ibm/kexec-lite/tree/kexec-file-load
>>
>> Eric Richter (3):
>>   lib: Add system config option to enable kexec_file_load
>>   boot/pb-discover: Use kexec_method config option to determine kexec
>>     syscall
>>   ui/ncurses: Add system config checkbox to enable kexec_file load
>>
>>  discover/boot.c               |  6 ++++--
>>  discover/boot.h               |  1 +
>>  lib/pb-protocol/pb-protocol.c |  9 +++++++++
>>  lib/types/types.h             |  2 ++
>>  ui/ncurses/nc-config.c        | 22 +++++++++++++++++++++-
>>  5 files changed, 37 insertions(+), 3 deletions(-)
>>
>
> This all looks fine to me, and can probably go in almost as-is once we get
> kexec-{tools,lite} and kernel support.

I do have some patches ready for kexec-lite, would you happen to know 
where those should be sent?

> One thought - do we want normal kexec / kexec_file_load to be an option, or
> enforce using it if we're in trusted boot mode?

Ideally, if we are booting in secure/trusted mode, then only 
kexec_file_load should be allowed. I am currently working on 
implementing this now, will post as an update to this set.

Thanks,
Eric Richter
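The two open items in the thread above (checking that the running kernel actually has the kexec_file_load syscall, and forcing kexec_file_load when booting in secure/trusted mode) can be sketched in plain C. The block below is an added illustration written for this archive page; it is not petitboot, kexec-lite or Eric's code, and the names `kexec_method`, `secure_boot`, `select_kexec_method` and the enum values are assumptions. It relies on two facts from the thread: kexec-tools selects kexec_file_load with `-s`, and a kernel without the syscall answers ENOSYS. The probe passes an invalid fd so that it can never load anything; any error other than ENOSYS (EPERM from a missing CAP_SYS_BOOT, EBADF from the bogus fd) still proves the syscall is present.

```c
/* Added example (not petitboot/kexec-lite code). Shows (1) a runtime probe for
 * the kexec_file_load syscall and (2) method selection that refuses to fall
 * back to plain kexec_load when secure/trusted boot is active. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

enum kexec_file_probe { PROBE_PRESENT, PROBE_ABSENT, PROBE_UNKNOWN };

/* Interpret the outcome of a deliberately invalid kexec_file_load call.
 * ENOSYS: the kernel has no such syscall. Anything else (EPERM, EBADF,
 * EINVAL ...) means the syscall exists and was dispatched. */
enum kexec_file_probe classify_probe(long rc, int err)
{
    if (rc == 0)
        return PROBE_PRESENT;   /* cannot happen with our arguments, but present */
    if (err == ENOSYS)
        return PROBE_ABSENT;
    return PROBE_PRESENT;
}

/* Probe the running kernel. kernel_fd = -1 guarantees the call fails before
 * any image is read, so this is safe to run on a live system. */
enum kexec_file_probe probe_kexec_file_load(void)
{
#ifdef SYS_kexec_file_load
    long rc = syscall(SYS_kexec_file_load, -1, -1, 0UL, "", 0UL);
    return classify_probe(rc, errno);
#else
    return PROBE_UNKNOWN;       /* libc headers predate the syscall on this arch */
#endif
}

/* Assumed config values: the thread's proposed kexec_method option. */
enum kexec_method { KEXEC_LOAD = 0, KEXEC_FILE_LOAD = 1 };

/* Pick the syscall petitboot should request from kexec-tools/lite.
 * secure_boot forces kexec_file_load; if that cannot be satisfied (kernel or
 * kexec binary lacks support) return -1 so the caller refuses the boot
 * instead of silently dropping to unverified kexec_load. */
int select_kexec_method(enum kexec_method configured, int secure_boot,
                        enum kexec_file_probe kernel_support,
                        int kexec_binary_supports_file_load)
{
    enum kexec_method want = secure_boot ? KEXEC_FILE_LOAD : configured;

    if (want == KEXEC_FILE_LOAD &&
        (kernel_support == PROBE_ABSENT || !kexec_binary_supports_file_load))
        return -1;
    return (int)want;
}

/* kexec-tools flag for the chosen method: "-s" selects kexec_file_load. */
const char *kexec_method_flag(enum kexec_method m)
{
    return m == KEXEC_FILE_LOAD ? "-s" : "";
}

int main(void)
{
    enum kexec_file_probe p = probe_kexec_file_load();
    const char *desc[] = { "present", "absent", "unknown" };
    printf("kexec_file_load syscall: %s\n", desc[p]);

    int m = select_kexec_method(KEXEC_LOAD, /* secure_boot */ 1, p, 1);
    if (m < 0)
        printf("secure boot requested but kexec_file_load unavailable: refuse\n");
    else
        printf("kexec flag: '%s'\n", kexec_method_flag((enum kexec_method)m));
    return 0;
}
```

The important design choice is the `-1` path: in secure/trusted mode a missing kexec_file_load must be a hard failure, since falling back to kexec_load would skip the signature verification and IMA measurement that motivated the option in the first place.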



More information about the Petitboot mailing list