[RFC 0/3] Add support for kexec_file_load

Samuel Mendoza-Jonas sam at mendozajonas.com
Wed Sep 14 16:10:49 AEST 2016


On Tue, 2016-09-13 at 08:55 -0500, Eric Richter wrote:
> 
> On 09/12/2016 07:47 PM, Samuel Mendoza-Jonas wrote:
> > 
> > On Fri, 2016-09-09 at 14:26 -0500, Eric Richter wrote:
> > > 
> > > Secure and trusted boot on POWER relies on the use of kexec_file_load over
> > > kexec_load, for uses such as kernel/initrd signature verification and
> > > measurement[1]. This patch set defines a new configuration option for toggling
> > > which syscall is used, or more specifically, which parameter is passed to
> > > kexec-{tools,lite}[2].
> > > 
> > > This is a preliminary version of the patches, intended to gather feedback and
> > > thoughts on the location of the configuration option. Currently, the option
> > > is included as a system-level config option, rather than an individual boot
> > > option. The thought is to have a top-level "default" option, that could be
> > > overridden in a per-boot config option.
> > > 
> > > Furthermore, there should be some check to ensure that the syscall is available
> > > in both the running kernel and the kexec binary. Implementations of these
> > > checks are forthcoming.
> > > 
> > > 
> > > Thanks,
> > > Eric Richter
> > > 
> > > 
> > > [1] See the following patches for kexec_file_load on POWER:
> > > https://lists.infradead.org/pipermail/kexec/2016-August/016960.html
> > > relevant IMA hooks were included in 4.6
> > > 
> > > [2] Kexec-tools uses -s for kexec_file_load. Neither upstream -tools nor -lite
> > > implement this for POWER, though I have an implementation for the latter here:
> > > https://github.com/erichte-ibm/kexec-lite/tree/kexec-file-load
> > > 
> > > Eric Richter (3):
> > >   lib: Add system config option to enable kexec_file_load
> > >   boot/pb-discover: Use kexec_method config option to determine kexec
> > >     syscall
> > >   ui/ncurses: Add system config checkbox to enable kexec_file load
> > > 
> > >  discover/boot.c               |  6 ++++--
> > >  discover/boot.h               |  1 +
> > >  lib/pb-protocol/pb-protocol.c |  9 +++++++++
> > >  lib/types/types.h             |  2 ++
> > >  ui/ncurses/nc-config.c        | 22 +++++++++++++++++++++-
> > >  5 files changed, 37 insertions(+), 3 deletions(-)
> > > 
> > 
> > This all looks fine to me, and can probably go in almost as-is once we get
> > kexec-{tools,lite} and kernel support.
> 
> I do have some patches ready for kexec-lite, would you happen to know 
> where those should be sent?

Sounds like the linuxppc-dev at lists.ozlabs.org list is the place for these.

> 
> > 
> > One thought - do we want normal kexec / kexec_file_load to be an option, or
> > enforce using it if we're in trusted boot mode?
> 
> Ideally, if we are booting in secure/trusted mode, then only 
> kexec_file_load should be allowed. I am currently working on 
> implementing this now, will post as an update to this set.
> 
> Thanks,
> Eric Richter
> 
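
The thread describes a system default with a per-boot override, a check that kexec_file_load is actually available, and enforcement in trusted boot mode. The following is an added sketch of that decision in C; it is not code from petitboot or from the patch set. All names are hypothetical, and refusing to boot (rather than falling back to kexec_load) when kexec_file_load is requested but unavailable is an assumption of this example.

```c
/* Added example; all names here are hypothetical, not petitboot's. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

enum kexec_method { KEXEC_LOAD, KEXEC_FILE_LOAD, KEXEC_REFUSE };
enum kexec_pref { PREF_UNSET = -1, PREF_LOAD, PREF_FILE_LOAD };

/* Probe the running kernel with invalid fds, so nothing can be loaded.
 * ENOSYS means the syscall is not implemented; any other errno
 * (EPERM, EBADF, ...) is treated as "present". */
static bool kernel_has_kexec_file_load(void)
{
#if defined(__linux__) && defined(SYS_kexec_file_load)
	errno = 0;
	syscall(SYS_kexec_file_load, -1, -1, 0UL, NULL, 0UL);
	return errno != ENOSYS;
#else
	return false; /* headers do not define the syscall number */
#endif
}

/* Per-boot option overrides the system default; trusted boot overrides both. */
static enum kexec_method choose_kexec_method(enum kexec_pref sys_default,
		enum kexec_pref boot_opt, bool trusted_boot,
		bool kernel_ok, bool tool_ok)
{
	bool file_ok = kernel_ok && tool_ok;
	enum kexec_pref want = boot_opt != PREF_UNSET ? boot_opt : sys_default;

	if (trusted_boot) /* never fall back to unverified kexec_load */
		return file_ok ? KEXEC_FILE_LOAD : KEXEC_REFUSE;
	if (want == PREF_FILE_LOAD) /* assumption: fail closed if unavailable */
		return file_ok ? KEXEC_FILE_LOAD : KEXEC_REFUSE;
	return KEXEC_LOAD;
}

int main(void)
{
	bool k = kernel_has_kexec_file_load();
	/* tool_ok assumed true; detecting "-s" support in kexec is separate */
	enum kexec_method m = choose_kexec_method(PREF_LOAD, PREF_UNSET, true, k, true);
	printf("kernel support: %d, method: %d\n", k, m);
	return m == KEXEC_REFUSE;
}
```

A sandbox or seccomp filter may answer the probe with EPERM or ENOSYS regardless of kernel support, so the probe result describes the environment the process runs in, not only the kernel build.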


