kernel/Kconfig.kexec at v6.17-rc2 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / kernel / Kconfig.kexec
at v6.17-rc2 6.3 kB view raw
  1# SPDX-License-Identifier: GPL-2.0-only
  2
  3menu "Kexec and crash features"
  4
  5config CRASH_RESERVE
  6	bool
  7
  8config VMCORE_INFO
  9	bool
 10
 11config KEXEC_CORE
 12	bool
 13
 14config KEXEC_ELF
 15	bool
 16
 17config HAVE_IMA_KEXEC
 18	bool
 19
 20config KEXEC
 21	bool "Enable kexec system call"
 22	depends on ARCH_SUPPORTS_KEXEC
 23	select KEXEC_CORE
 24	help
 25	  kexec is a system call that implements the ability to shutdown your
 26	  current kernel, and to start another kernel. It is like a reboot
 27	  but it is independent of the system firmware. And like a reboot
 28	  you can start any kernel with it, not just Linux.
 29
 30	  The name comes from the similarity to the exec system call.
 31
 32	  It is an ongoing process to be certain the hardware in a machine
 33	  is properly shutdown, so do not be surprised if this code does not
 34	  initially work for you. As of this writing the exact hardware
 35	  interface is strongly in flux, so no good recommendation can be
 36	  made.
 37
 38config KEXEC_FILE
 39	bool "Enable kexec file based system call"
 40	depends on ARCH_SUPPORTS_KEXEC_FILE
 41	select CRYPTO_LIB_SHA256
 42	select KEXEC_CORE
 43	help
 44	  This is new version of kexec system call. This system call is
 45	  file based and takes file descriptors as system call argument
 46	  for kernel and initramfs as opposed to list of segments as
 47	  accepted by kexec system call.
 48
 49config KEXEC_SIG
 50	bool "Verify kernel signature during kexec_file_load() syscall"
 51	depends on ARCH_SUPPORTS_KEXEC_SIG
 52	depends on KEXEC_FILE
 53	help
 54	  This option makes the kexec_file_load() syscall check for a valid
 55	  signature of the kernel image. The image can still be loaded without
 56	  a valid signature unless you also enable KEXEC_SIG_FORCE, though if
 57	  there's a signature that we can check, then it must be valid.
 58
 59	  In addition to this option, you need to enable signature
 60	  verification for the corresponding kernel image type being
 61	  loaded in order for this to work.
 62
 63config KEXEC_SIG_FORCE
 64	bool "Require a valid signature in kexec_file_load() syscall"
 65	depends on ARCH_SUPPORTS_KEXEC_SIG_FORCE
 66	depends on KEXEC_SIG
 67	help
 68	  This option makes kernel signature verification mandatory for
 69	  the kexec_file_load() syscall.
 70
 71config KEXEC_IMAGE_VERIFY_SIG
 72	bool "Enable Image signature verification support (ARM)"
 73	default ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG
 74	depends on ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG
 75	depends on KEXEC_SIG
 76	depends on EFI && SIGNED_PE_FILE_VERIFICATION
 77	help
 78	  Enable Image signature verification support.
 79
 80config KEXEC_BZIMAGE_VERIFY_SIG
 81	bool "Enable bzImage signature verification support"
 82	depends on ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
 83	depends on KEXEC_SIG
 84	depends on SIGNED_PE_FILE_VERIFICATION
 85	select SYSTEM_TRUSTED_KEYRING
 86	help
 87	  Enable bzImage signature verification support.
 88
 89config KEXEC_JUMP
 90	bool "kexec jump"
 91	depends on ARCH_SUPPORTS_KEXEC_JUMP
 92	depends on KEXEC && HIBERNATION
 93	help
 94	  Jump between original kernel and kexeced kernel and invoke
 95	  code in physical address mode via KEXEC
 96
 97config KEXEC_HANDOVER
 98	bool "kexec handover"
 99	depends on ARCH_SUPPORTS_KEXEC_HANDOVER && ARCH_SUPPORTS_KEXEC_FILE
100	select MEMBLOCK_KHO_SCRATCH
101	select KEXEC_FILE
102	select DEBUG_FS
103	select LIBFDT
104	select CMA
105	help
106	  Allow kexec to hand over state across kernels by generating and
107	  passing additional metadata to the target kernel. This is useful
108	  to keep data or state alive across the kexec. For this to work,
109	  both source and target kernels need to have this option enabled.
110
111config CRASH_DUMP
112	bool "kernel crash dumps"
113	default ARCH_DEFAULT_CRASH_DUMP
114	depends on ARCH_SUPPORTS_CRASH_DUMP
115	depends on KEXEC_CORE
116	select VMCORE_INFO
117	select CRASH_RESERVE
118	help
119	  Generate crash dump after being started by kexec.
120	  This should be normally only set in special crash dump kernels
121	  which are loaded in the main kernel with kexec-tools into
122	  a specially reserved region and then later executed after
123	  a crash by kdump/kexec. The crash dump kernel must be compiled
124	  to a memory address not used by the main kernel or BIOS using
125	  PHYSICAL_START, or it must be built as a relocatable image
126	  (CONFIG_RELOCATABLE=y).
127	  For more details see Documentation/admin-guide/kdump/kdump.rst
128
129	  For s390, this option also enables zfcpdump.
130	  See also <file:Documentation/arch/s390/zfcpdump.rst>
131
132config CRASH_DM_CRYPT
133	bool "Support saving crash dump to dm-crypt encrypted volume"
134	depends on KEXEC_FILE
135	depends on CRASH_DUMP
136	depends on DM_CRYPT
137	depends on KEYS
138	help
139	  With this option enabled, user space can intereact with
140	  /sys/kernel/config/crash_dm_crypt_keys to make the dm crypt keys
141	  persistent for the dump-capture kernel.
142
143config CRASH_DM_CRYPT_CONFIGS
144	def_tristate CRASH_DM_CRYPT
145	select CONFIGFS_FS
146	help
147	  CRASH_DM_CRYPT cannot directly select CONFIGFS_FS, because that
148	  is required to be built-in.
149
150config CRASH_HOTPLUG
151	bool "Update the crash elfcorehdr on system configuration changes"
152	default y
153	depends on CRASH_DUMP && (HOTPLUG_CPU || MEMORY_HOTPLUG)
154	depends on ARCH_SUPPORTS_CRASH_HOTPLUG
155	help
156	  Enable direct update to the crash elfcorehdr (which contains
157	  the list of CPUs and memory regions to be dumped upon a crash)
158	  in response to hot plug/unplug or online/offline of CPUs or
159	  memory. This is a much more advanced approach than userspace
160	  attempting that.
161
162	  If unsure, say Y.
163
164config CRASH_MAX_MEMORY_RANGES
165	int "Specify the maximum number of memory regions for the elfcorehdr"
166	default 8192
167	depends on CRASH_HOTPLUG
168	help
169	  For the kexec_file_load() syscall path, specify the maximum number of
170	  memory regions that the elfcorehdr buffer/segment can accommodate.
171	  These regions are obtained via walk_system_ram_res(); eg. the
172	  'System RAM' entries in /proc/iomem.
173	  This value is combined with NR_CPUS_DEFAULT and multiplied by
174	  sizeof(Elf64_Phdr) to determine the final elfcorehdr memory buffer/
175	  segment size.
176	  The value 8192, for example, covers a (sparsely populated) 1TiB system
177	  consisting of 128MiB memblocks, while resulting in an elfcorehdr
178	  memory buffer/segment size under 1MiB. This represents a sane choice
179	  to accommodate both baremetal and virtual machine configurations.
180
181	  For the kexec_load() syscall path, CRASH_MAX_MEMORY_RANGES is part of
182	  the computation behind the value provided through the
183	  /sys/kernel/crash_elfcorehdr_size attribute.
184
185endmenu