[RFC 0/3] Add support for kexec_file_load
Stewart Smith
stewart at linux.vnet.ibm.com
Fri Sep 16 14:13:43 AEST 2016
Eric Richter <erichte at linux.vnet.ibm.com> writes:
>> Eric Richter <erichte at linux.vnet.ibm.com> writes:
>>>> One thought - do we want normal kexec / kexec_file_load to be an option, or
>>>> enforce using it if we're in trusted boot mode?
>>>
>>> Ideally, if we are booting in secure/trusted mode, then only
>>> kexec_file_load should be allowed. I am currently working on
>>> implementing this now, will post as an update to this set.
>>
>> kexec_file_load and the fallback to normal kexec, which should be
>> denied by the kernel if we've booted securely?
>>
>> That would make the petitboot logic simple, and up to the running kernel
>> to enforce things, which seems about the right place to do that.
>>
>
> After trying to implement that logic, I've come to the same conclusion.
>
> Did a bit of research though, it appears the patch that disables
> kexec_load never hit upstream. Slightly out of scope, but could this
> patch (or something similar) be carried in op-build?
Hah! All the fuss around modifying device tree in userspace and yet we
can just kexec_load anyway.
> Alternatively, it could be recommended/required to disable kexec_load in
> Kconfig for building a skiroot image intended to support trusted boot
> (maybe a buildroot option?).
I think that'd be a good interim until it gets disabled upstream.
--
Stewart Smith
OPAL Architect, IBM.
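One way to act on the Kconfig suggestion in the thread is a build-time check on the skiroot kernel .config; this is an added example, not code from the thread or from petitboot/op-build, and it assumes the mainline Kconfig symbols CONFIG_KEXEC (gates the kexec_load syscall) and CONFIG_KEXEC_FILE (gates kexec_file_load). The two .config fragments below are constructed samples.

```shell
#!/bin/sh
# Constructed sample: both syscalls built in, so a userspace-assembled,
# unverified image can still be kexec_load'ed in trusted boot mode.
WEAK_CONFIG='CONFIG_KEXEC=y
CONFIG_KEXEC_FILE=y'

# Constructed sample: only the file-based syscall remains, so the kernel
# itself refuses the unverified path regardless of petitboot's fallback.
HARDENED_CONFIG='# CONFIG_KEXEC is not set
CONFIG_KEXEC_FILE=y'

# check_kexec_policy CONFIG_TEXT
# Returns 0 when the config permits only kexec_file_load, 1 otherwise,
# printing one line per violated requirement.
check_kexec_policy() {
    cfg=$1
    rc=0
    # kexec_load (unsigned, userspace-assembled image) must be compiled out.
    if printf '%s\n' "$cfg" | grep -q '^CONFIG_KEXEC=y$'; then
        echo "violation: CONFIG_KEXEC=y leaves the kexec_load syscall available"
        rc=1
    fi
    # kexec_file_load must be present, or petitboot cannot boot anything.
    if ! printf '%s\n' "$cfg" | grep -q '^CONFIG_KEXEC_FILE=y$'; then
        echo "violation: CONFIG_KEXEC_FILE not set; kexec_file_load unavailable"
        rc=1
    fi
    return $rc
}

# check_kexec_policy_file PATH: same check against a real .config file
# (hypothetical helper for use in a build script).
check_kexec_policy_file() {
    check_kexec_policy "$(cat "$1")"
}

# Run both constructed samples; the weak one is expected to be rejected.
if check_kexec_policy "$WEAK_CONFIG"; then echo "weak: OK"; else echo "weak: REJECTED"; fi
if check_kexec_policy "$HARDENED_CONFIG"; then echo "hardened: OK"; else echo "hardened: REJECTED"; fi
```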