[PATCH 0/4] Add support for kexec_file_load

Eric Richter erichte at linux.vnet.ibm.com
Sat Mar 25 05:40:02 AEDT 2017


On 03/23/2017 09:17 PM, Samuel Mendoza-Jonas wrote:
> On Thu, 2017-03-23 at 11:46 -0500, Eric Richter wrote:
>> Secure and trusted boot on POWER relies on the use of kexec_file_load over
>> kexec_load, for uses such as kernel/initrd signature verification and
>> measurement[1]. This patch set defines a new configuration option for toggling
>> which syscall is used, or more specifically, which parameter is passed to
>> kexec-{tools,lite}[2].
>>
>> The default state of this option is to use the regular kexec_load, unless
>> otherwise enabled. On POWER, the state of this option is preserved via
>> the nvram key "petitboot,fileload?", which can be set ahead of time to avoid
>> traversing through menus at boot time.
>>
>> Thanks,
>> Eric Richter
>
> Hi Eric, thanks for the patches!
>
>>
>>
>> [1] The kexec_file_load syscall was included in Linux 4.10
>
> Ah great, I missed this getting merged.
>
>>
>> [2] Kexec-tools uses -s for kexec_file_load. Neither upstream -tools nor -lite
>> implement this for POWER, though I have an open pull request for the latter here:
>> https://github.com/antonblanchard/kexec-lite/pull/5
>
> This makes more sense for later when more of the security process is
> firmed up, but would it be worth adding a configure-time option to
> specify if kexec_file_load() is supported by the available kexec-
> {tools,lite}? Otherwise as long as we can return a useful error to the UI
> if it is chosen but isn't available that should be fine.

At the moment, if you enable the option on an unsupported kernel, it 
gives the "kexec failed" error on selecting a target. Ideally, this 
should probably be a little more specific and differentiate between the 
"syscall not supported" and "kexec_file_load actually failed" cases.

Though, checking for support in kexec-{tools,lite} should be easy at 
configure time by parsing the -h output and looking for the -s option. 
This could be used to hide the option in the menu, and prevent it from 
being toggled in the first place.

Ultimately, I considered this when I first submitted the patches as an
RFC, but there are multiple ways this could be handled. If you have a
preference, I'll gladly implement either :)

>
>>
>>
>> Eric Richter (4):
>>   lib: Add system config option to enable kexec_file_load
>>   boot/pb-discover: Use kexec_method config option to determine kexec
>>     syscall
>>   ui/ncurses: Add system config checkbox to enable kexec_file load
>>   petitboot-powerpc: persist kexec_method option via nvram
>>
>>  discover/boot.c               |  4 +++-
>>  discover/boot.h               |  1 +
>>  discover/platform-powerpc.c   |  9 +++++++++
>>  lib/pb-protocol/pb-protocol.c |  9 +++++++++
>>  lib/types/types.h             |  2 ++
>>  ui/ncurses/nc-config.c        | 24 +++++++++++++++++++++++-
>>  6 files changed, 47 insertions(+), 2 deletions(-)
>>
>
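
Added example, not part of the original message or the patch set: one way to do the configure-time check discussed above, scanning captured `-h` output for `-s` and reporting "requested but unsupported" separately from a load that was attempted and failed. The function names, status words and both help texts are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not petitboot's or kexec-tools'.

# Succeeds if the help text on stdin lists "-s" in the option column
# (start of line after optional indent). A "-s" that is only mentioned
# inside another option's description does not match.
kexec_help_has_s() {
    grep -Eq '^[[:space:]]*-s([,[:space:]]|$)'
}

# $1: configured method ("file" or anything else), $2: captured help text.
# Prints "file", "default" or "unsupported"; returns 2 for "unsupported" so
# the caller can report it separately from a load that was tried and failed.
kexec_method_status() {
    if [ "$1" != "file" ]; then
        echo default
        return 0
    fi
    if printf '%s\n' "$2" | kexec_help_has_s; then
        echo file
        return 0
    fi
    echo unsupported
    return 2
}

# Constructed help texts (not verbatim output of any kexec build).
HELP_WITH_S='Usage: kexec [OPTION]... [kernel]
 -h, --help     Print this help.
 -l, --load     Load the new kernel.
 -s             Use the kexec_file_load syscall.'
HELP_WITHOUT_S='Usage: kexec [OPTION]... [kernel]
 -h, --help     Print this help.
 -l, --load     Load the new kernel (see also -s in newer builds).
 -f, --force    Force an immediate kexec.'

# On a real system the text would come from: help=$(kexec -h 2>&1)
for help in "$HELP_WITH_S" "$HELP_WITHOUT_S"; do
    kexec_method_status file "$help" || true
done
```

The same status could drive hiding the checkbox in the menu, as suggested in the message.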


