[RFC 0/3] Add support for kexec_file_load

[Stewart Smith]

Eric Richter <erichte at linux.vnet.ibm.com> writes:
>> One thought - do we want normal kexec / kexec_file_load to be an option, or
>> enforce using it if we're in trusted boot mode?
>
> Ideally, if we are booting in secure/trusted mode, then only 
> kexec_file_load should be allowed. I am currently working on 
> implementing this now, will post as an update to this set.

kexec_file_load and the fall back to normal kexec, which should be
denied by the kernel if we've booted securely?

That would make the petitboot logic simple, and up to the running kernel
to enforce things, which seems about the right place to do that.

-- 
Stewart Smith
OPAL Architect, IBM.