| # SPDX-License-Identifier: GPL-2.0-only |
| |
| menu "Kexec and crash features" |
| |
| config CRASH_RESERVE |
| bool |
| |
| config VMCORE_INFO |
| bool |
| |
| config KEXEC_CORE |
| bool |
| |
| config KEXEC_ELF |
| bool |
| |
| config HAVE_IMA_KEXEC |
| bool |
| |
| config KEXEC |
| bool "Enable kexec system call" |
| depends on ARCH_SUPPORTS_KEXEC |
| select KEXEC_CORE |
| help |
| kexec is a system call that implements the ability to shutdown your |
| current kernel, and to start another kernel. It is like a reboot |
| but it is independent of the system firmware. And like a reboot |
| you can start any kernel with it, not just Linux. |
| |
| The name comes from the similarity to the exec system call. |
| |
| It is an ongoing process to be certain the hardware in a machine |
| is properly shutdown, so do not be surprised if this code does not |
| initially work for you. As of this writing the exact hardware |
| interface is strongly in flux, so no good recommendation can be |
| made. |
| |
| config KEXEC_FILE |
| bool "Enable kexec file based system call" |
| depends on ARCH_SUPPORTS_KEXEC_FILE |
| select CRYPTO |
| select CRYPTO_SHA256 |
| select KEXEC_CORE |
| help |
| This is new version of kexec system call. This system call is |
| file based and takes file descriptors as system call argument |
| for kernel and initramfs as opposed to list of segments as |
| accepted by kexec system call. |
| |
| config KEXEC_SIG |
| bool "Verify kernel signature during kexec_file_load() syscall" |
| depends on ARCH_SUPPORTS_KEXEC_SIG |
| depends on KEXEC_FILE |
| help |
| This option makes the kexec_file_load() syscall check for a valid |
| signature of the kernel image. The image can still be loaded without |
| a valid signature unless you also enable KEXEC_SIG_FORCE, though if |
| there's a signature that we can check, then it must be valid. |
| |
| In addition to this option, you need to enable signature |
| verification for the corresponding kernel image type being |
| loaded in order for this to work. |
| |
| config KEXEC_SIG_FORCE |
| bool "Require a valid signature in kexec_file_load() syscall" |
| depends on ARCH_SUPPORTS_KEXEC_SIG_FORCE |
| depends on KEXEC_SIG |
| help |
| This option makes kernel signature verification mandatory for |
| the kexec_file_load() syscall. |
| |
| config KEXEC_IMAGE_VERIFY_SIG |
| bool "Enable Image signature verification support (ARM)" |
| default ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG |
| depends on ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG |
| depends on KEXEC_SIG |
| depends on EFI && SIGNED_PE_FILE_VERIFICATION |
| help |
| Enable Image signature verification support. |
| |
| config KEXEC_BZIMAGE_VERIFY_SIG |
| bool "Enable bzImage signature verification support" |
| depends on ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG |
| depends on KEXEC_SIG |
| depends on SIGNED_PE_FILE_VERIFICATION |
| select SYSTEM_TRUSTED_KEYRING |
| help |
| Enable bzImage signature verification support. |
| |
| config KEXEC_JUMP |
| bool "kexec jump" |
| depends on ARCH_SUPPORTS_KEXEC_JUMP |
| depends on KEXEC && HIBERNATION |
| help |
| Jump between original kernel and kexeced kernel and invoke |
| code in physical address mode via KEXEC |
| |
| config CRASH_DUMP |
| bool "kernel crash dumps" |
| default y |
| depends on ARCH_SUPPORTS_CRASH_DUMP |
| depends on KEXEC_CORE |
| select VMCORE_INFO |
| select CRASH_RESERVE |
| help |
| Generate crash dump after being started by kexec. |
| This should be normally only set in special crash dump kernels |
| which are loaded in the main kernel with kexec-tools into |
| a specially reserved region and then later executed after |
| a crash by kdump/kexec. The crash dump kernel must be compiled |
| to a memory address not used by the main kernel or BIOS using |
| PHYSICAL_START, or it must be built as a relocatable image |
| (CONFIG_RELOCATABLE=y). |
| For more details see Documentation/admin-guide/kdump/kdump.rst |
| |
| For s390, this option also enables zfcpdump. |
| See also <file:Documentation/arch/s390/zfcpdump.rst> |
| |
| config CRASH_HOTPLUG |
| bool "Update the crash elfcorehdr on system configuration changes" |
| default y |
| depends on CRASH_DUMP && (HOTPLUG_CPU || MEMORY_HOTPLUG) |
| depends on ARCH_SUPPORTS_CRASH_HOTPLUG |
| help |
| Enable direct update to the crash elfcorehdr (which contains |
| the list of CPUs and memory regions to be dumped upon a crash) |
| in response to hot plug/unplug or online/offline of CPUs or |
| memory. This is a much more advanced approach than userspace |
| attempting that. |
| |
| If unsure, say Y. |
| |
| config CRASH_MAX_MEMORY_RANGES |
| int "Specify the maximum number of memory regions for the elfcorehdr" |
| default 8192 |
| depends on CRASH_HOTPLUG |
| help |
| For the kexec_file_load() syscall path, specify the maximum number of |
| memory regions that the elfcorehdr buffer/segment can accommodate. |
| These regions are obtained via walk_system_ram_res(); eg. the |
| 'System RAM' entries in /proc/iomem. |
| This value is combined with NR_CPUS_DEFAULT and multiplied by |
| sizeof(Elf64_Phdr) to determine the final elfcorehdr memory buffer/ |
| segment size. |
| The value 8192, for example, covers a (sparsely populated) 1TiB system |
| consisting of 128MiB memblocks, while resulting in an elfcorehdr |
| memory buffer/segment size under 1MiB. This represents a sane choice |
| to accommodate both baremetal and virtual machine configurations. |
| |
| For the kexec_load() syscall path, CRASH_MAX_MEMORY_RANGES is part of |
| the computation behind the value provided through the |
| /sys/kernel/crash_elfcorehdr_size attribute. |
| |
| endmenu |
