[PATCH 3/3] kdumpctl: Use kexec file based syscall for secureboot enabled machines
Dave Young
dyoung at redhat.com
Fri Sep 5 02:18:52 UTC 2014
On 09/03/14 at 12:07pm, Vivek Goyal wrote:
> Now kexec file based syscall can be used with secureboot enabled machines.
> Automatically switch to using new syscall if secureboot is enabled on the
> machine.
>
> Also remove the old message where kdump service failed if secureboot is
> enabled. That's not the case anymore.
Vivek
how about merge patch 2/3 and 3/3 as one patch so that it can be logically
one funtionally.
>
> Signed-off-by: Vivek Goyal <vgoyal at redhat.com>
> ---
> kdumpctl | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/kdumpctl b/kdumpctl
> index 9403d61..8fc2c27 100755
> --- a/kdumpctl
> +++ b/kdumpctl
> @@ -433,6 +433,14 @@ load_kdump()
>
> KDUMP_COMMANDLINE=`prepare_cmdline`
>
> + # For secureboot enabled machines, use new kexec file based syscall.
> + # Old syscall will always fail as it does not have capability to
> + # to kernel signature verification.
> + if is_secure_boot_enforced; then
> + echo "Secureboot is enabled. Using kexec file based syscall."
> + KEXEC_ARGS="$KEXEC_ARGS -s"
> + fi
> +
> $KEXEC $KEXEC_ARGS $standard_kexec_args \
> --command-line="$KDUMP_COMMANDLINE" \
> --initrd=$TARGET_INITRD $kdump_kernel
> @@ -702,11 +710,6 @@ is_secure_boot_enforced()
>
> check_kdump_feasibility()
> {
> - if is_secure_boot_enforced; then
> - echo "Secure Boot is Enabled. Kdump service can't be started. Disable Secure Boot and retry"
> - return 1;
> - fi
> -
> if [ ! -e /sys/kernel/kexec_crash_loaded ]; then
> echo "Kdump is not supported on this kernel"
> return 1
> --
> 1.9.0
>
> _______________________________________________
> kexec mailing list
> kexec at lists.fedoraproject.org
> https://lists.fedoraproject.org/mailman/listinfo/kexec
More information about the kexec
mailing list