[PATCH 0/3] discover: Check if the kernel image has Ultravisor support
Maxiwell S. Garcia
maxiwell at linux.ibm.com
Tue Sep 10 23:49:45 AEST 2019
On Tue, Sep 10, 2019 at 08:56:04AM +0800, Jeremy Kerr wrote:
Hi Jeremy,
Thanks for the review.
> Hi Maxiwell,
>
> > The PPC kernel image has an ELF Note 'namespace' called 'PowerPC'
> > to store capabilities that indicates if the powerpc kernel binary
> > knows how to run in an ultravisor-enabled system.
> >
> > This patchset enables petitboot to read the ELF structures of
> > kernel binary using the libelf as low-level support and get the
> > kernel image ELF Note capabilities. If that image is not compatible
> > with the system, the boot process is aborted.
>
> It's not really up to petitboot to decide whether an image is bootable -
> that's up to the kexec implementation and/or the kernel to determine. I
> suspect that we'd need better error reporting for this scenario, but
> it's not petitboot's job to stop the boot process.
>
Looking the kexec_load() function, I found the call to the
validate_boot_files() function, that check if both signature
verification and decryption are valid to keep the boot.
I thought that ultravisor validation could work in a similar way.
> You're aware that petitboot is not only for POWER + ultravisor
> platforms, right? Your proposed patches would seem to break everything
> but that.
Oh, right. The petitboot must know that the environment is a
ultravisor-enabled system to check this capability.
So, are you suggesting to not touch in the petitboot code and move this
check to kexec or kernel itself?
Thanks,
>
> Regards,
>
>
> Jeremy
>
More information about the Petitboot
mailing list