Re: [PATCH 0/6] kexec: A new system call to allow in kernel loading

From: HATAYAMA Daisuke
Date: Thu Nov 21 2013 - 19:55:41 EST

Next message: Kees Cook: "Re: [PATCH 4/6] kexec: A new system call, kexec_file_load, for inkernel kexec"
Previous message: Benjamin LaHaise: "[GIT PULL] aio fixes for 3.13"
In reply to: Eric W. Biederman: "Re: [PATCH 0/6] kexec: A new system call to allow in kernel loading"
Next in thread: Vivek Goyal: "Re: [PATCH 0/6] kexec: A new system call to allow in kernel loading"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

(2013/11/21 2:50), Vivek Goyal wrote:

Current proposed secureboot implementation disables kexec/kdump because
it can allow unsigned kernel to run on a secureboot platform. Intial
idea was to sign /sbin/kexec binary and let that binary do the kernel
signature verification. I had posted RFC patches for this apparoach
here.

https://lkml.org/lkml/2013/9/10/560

Later we had discussion at Plumbers and most of the people thought
that signing and trusting /sbin/kexec is becoming complex. So a
better idea might be let kernel do the signature verification of
new kernel being loaded. This calls for implementing a new system call
and moving lot of user space code in kernel.

kexec_load() system call allows loading a kexec/kdump kernel and jump
to that kernel at right time. Though a lot of processing is done in
user space which prepares a list of segments/buffers to be loaded and
kexec_load() works on that list of segments. It does not know what's
contained in those segments.

Now a new system call kexec_file_load() is implemented which takes
kernel fd and initrd fd as parameters. Now kernel should be able
to verify signature of newly loaded kernel.

This is an early RFC patchset. I have not done signature handling
part yet. This is more of a minimal patch to show how new system
call and functionality will look like. Right now it can only handle
bzImage with 64bit entry point on x86_64. No EFI, no x86_32 or any
other architecture. Rest of the things can be added slowly as need
arises. In first iteration, I have tried to address most common use case
for us.

Any feedback is welcome.

So, ultimately on this design direction, user-land kexec command someday
will no longer be used at all? Or is there any feature you will keep in
user-land side?

I think it big change if one component in kdump will disappear.

--
Thanks.
HATAYAMA, Daisuke

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kees Cook: "Re: [PATCH 4/6] kexec: A new system call, kexec_file_load, for inkernel kexec"
Previous message: Benjamin LaHaise: "[GIT PULL] aio fixes for 3.13"
In reply to: Eric W. Biederman: "Re: [PATCH 0/6] kexec: A new system call to allow in kernel loading"
Next in thread: Vivek Goyal: "Re: [PATCH 0/6] kexec: A new system call to allow in kernel loading"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]