[kexec-tools] kdumpctl: Use kexec file based syscall for secureboot enabled machines

Baoquan He baoquan at fedoraproject.org
Wed Sep 10 02:56:11 UTC 2014


commit 38329992fe6ef48fabefeae7b9b7e08b91de03f4
Author: Vivek Goyal <vgoyal at redhat.com>
Date:   Mon Sep 8 11:35:22 2014 -0400

    kdumpctl: Use kexec file based syscall for secureboot enabled machines
    
    Now kexec file based syscall can be used with secureboot enabled machines.
    Automatically switch to using new syscall if secureboot is enabled on the
    machine.
    
    Also remove the old message where kdump service failed if secureboot is
    enabled. That's not the case anymore.
    
    v2:
      Renamed "secureboot" to "Secure Boot" in user visible message.
    
    Signed-off-by: Vivek Goyal <vgoyal at redhat.com>

 kdumpctl |   13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)
---
diff --git a/kdumpctl b/kdumpctl
index 9403d61..ee3214a 100755
--- a/kdumpctl
+++ b/kdumpctl
@@ -433,6 +433,14 @@ load_kdump()
 
 	KDUMP_COMMANDLINE=`prepare_cmdline`
 
+	# For secureboot enabled machines, use new kexec file based syscall.
+	# Old syscall will always fail as it does not have capability to
+	# to kernel signature verification.
+	if is_secure_boot_enforced; then
+		echo "Secure Boot is enabled. Using kexec file based syscall."
+		KEXEC_ARGS="$KEXEC_ARGS -s"
+	fi
+
 	$KEXEC $KEXEC_ARGS $standard_kexec_args \
 		--command-line="$KDUMP_COMMANDLINE" \
 		--initrd=$TARGET_INITRD $kdump_kernel
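Review bot: The new `if is_secure_boot_enforced` branch in load_kdump forces `-s` with no visible check that the running kernel or the installed kexec supports the file-based syscall. Because the second hunk also removes the early Secure Boot exit from check_kdump_feasibility, a user on such a system would presumably see only kexec's own failure from the call below. Consider reporting that case explicitly after the kexec call; its error handling is outside this hunk, so it may already do so. The append is also unconditional, so a `-s` already present in KEXEC_ARGS is duplicated, which a guard such as `case " $KEXEC_ARGS " in *" -s "*) ;; *) KEXEC_ARGS="$KEXEC_ARGS -s" ;; esac` avoids. The added comment has a doubled word: `# to kernel signature verification.` should read `# do kernel signature verification.`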
@@ -702,11 +710,6 @@ is_secure_boot_enforced()
 
 check_kdump_feasibility()
 {
-	if is_secure_boot_enforced; then
-		echo "Secure Boot is Enabled. Kdump service can't be started. Disable Secure Boot and retry"
-		return 1;
-	fi
-
 	if [ ! -e /sys/kernel/kexec_crash_loaded ]; then
 		echo "Kdump is not supported on this kernel"
 		return 1

