1# SPDX-License-Identifier: GPL-2.0-only 2 3menu "Kexec and crash features" 4 5config CRASH_RESERVE 6 bool 7 8config VMCORE_INFO 9 bool 10 11config KEXEC_CORE 12 bool 13 14config KEXEC_ELF 15 bool 16 17config HAVE_IMA_KEXEC 18 bool 19 20config KEXEC 21 bool "Enable kexec system call" 22 depends on ARCH_SUPPORTS_KEXEC 23 select KEXEC_CORE 24 help 25 kexec is a system call that implements the ability to shutdown your 26 current kernel, and to start another kernel. It is like a reboot 27 but it is independent of the system firmware. And like a reboot 28 you can start any kernel with it, not just Linux. 29 30 The name comes from the similarity to the exec system call. 31 32 It is an ongoing process to be certain the hardware in a machine 33 is properly shutdown, so do not be surprised if this code does not 34 initially work for you. As of this writing the exact hardware 35 interface is strongly in flux, so no good recommendation can be 36 made. 37 38config KEXEC_FILE 39 bool "Enable kexec file based system call" 40 depends on ARCH_SUPPORTS_KEXEC_FILE 41 select CRYPTO 42 select CRYPTO_SHA256 43 select KEXEC_CORE 44 help 45 This is new version of kexec system call. This system call is 46 file based and takes file descriptors as system call argument 47 for kernel and initramfs as opposed to list of segments as 48 accepted by kexec system call. 49 50config KEXEC_SIG 51 bool "Verify kernel signature during kexec_file_load() syscall" 52 depends on ARCH_SUPPORTS_KEXEC_SIG 53 depends on KEXEC_FILE 54 help 55 This option makes the kexec_file_load() syscall check for a valid 56 signature of the kernel image. The image can still be loaded without 57 a valid signature unless you also enable KEXEC_SIG_FORCE, though if 58 there's a signature that we can check, then it must be valid. 59 60 In addition to this option, you need to enable signature 61 verification for the corresponding kernel image type being 62 loaded in order for this to work. 63 64config KEXEC_SIG_FORCE 65 bool "Require a valid signature in kexec_file_load() syscall" 66 depends on ARCH_SUPPORTS_KEXEC_SIG_FORCE 67 depends on KEXEC_SIG 68 help 69 This option makes kernel signature verification mandatory for 70 the kexec_file_load() syscall. 71 72config KEXEC_IMAGE_VERIFY_SIG 73 bool "Enable Image signature verification support (ARM)" 74 default ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG 75 depends on ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG 76 depends on KEXEC_SIG 77 depends on EFI && SIGNED_PE_FILE_VERIFICATION 78 help 79 Enable Image signature verification support. 80 81config KEXEC_BZIMAGE_VERIFY_SIG 82 bool "Enable bzImage signature verification support" 83 depends on ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG 84 depends on KEXEC_SIG 85 depends on SIGNED_PE_FILE_VERIFICATION 86 select SYSTEM_TRUSTED_KEYRING 87 help 88 Enable bzImage signature verification support. 89 90config KEXEC_JUMP 91 bool "kexec jump" 92 depends on ARCH_SUPPORTS_KEXEC_JUMP 93 depends on KEXEC && HIBERNATION 94 help 95 Jump between original kernel and kexeced kernel and invoke 96 code in physical address mode via KEXEC 97 98config KEXEC_HANDOVER 99 bool "kexec handover" 100 depends on ARCH_SUPPORTS_KEXEC_HANDOVER && ARCH_SUPPORTS_KEXEC_FILE 101 select MEMBLOCK_KHO_SCRATCH 102 select KEXEC_FILE 103 select DEBUG_FS 104 select LIBFDT 105 select CMA 106 help 107 Allow kexec to hand over state across kernels by generating and 108 passing additional metadata to the target kernel. This is useful 109 to keep data or state alive across the kexec. For this to work, 110 both source and target kernels need to have this option enabled. 111 112config CRASH_DUMP 113 bool "kernel crash dumps" 114 default ARCH_DEFAULT_CRASH_DUMP 115 depends on ARCH_SUPPORTS_CRASH_DUMP 116 depends on KEXEC_CORE 117 select VMCORE_INFO 118 select CRASH_RESERVE 119 help 120 Generate crash dump after being started by kexec. 121 This should be normally only set in special crash dump kernels 122 which are loaded in the main kernel with kexec-tools into 123 a specially reserved region and then later executed after 124 a crash by kdump/kexec. The crash dump kernel must be compiled 125 to a memory address not used by the main kernel or BIOS using 126 PHYSICAL_START, or it must be built as a relocatable image 127 (CONFIG_RELOCATABLE=y). 128 For more details see Documentation/admin-guide/kdump/kdump.rst 129 130 For s390, this option also enables zfcpdump. 131 See also <file:Documentation/arch/s390/zfcpdump.rst> 132 133config CRASH_HOTPLUG 134 bool "Update the crash elfcorehdr on system configuration changes" 135 default y 136 depends on CRASH_DUMP && (HOTPLUG_CPU || MEMORY_HOTPLUG) 137 depends on ARCH_SUPPORTS_CRASH_HOTPLUG 138 help 139 Enable direct update to the crash elfcorehdr (which contains 140 the list of CPUs and memory regions to be dumped upon a crash) 141 in response to hot plug/unplug or online/offline of CPUs or 142 memory. This is a much more advanced approach than userspace 143 attempting that. 144 145 If unsure, say Y. 146 147config CRASH_MAX_MEMORY_RANGES 148 int "Specify the maximum number of memory regions for the elfcorehdr" 149 default 8192 150 depends on CRASH_HOTPLUG 151 help 152 For the kexec_file_load() syscall path, specify the maximum number of 153 memory regions that the elfcorehdr buffer/segment can accommodate. 154 These regions are obtained via walk_system_ram_res(); eg. the 155 'System RAM' entries in /proc/iomem. 156 This value is combined with NR_CPUS_DEFAULT and multiplied by 157 sizeof(Elf64_Phdr) to determine the final elfcorehdr memory buffer/ 158 segment size. 159 The value 8192, for example, covers a (sparsely populated) 1TiB system 160 consisting of 128MiB memblocks, while resulting in an elfcorehdr 161 memory buffer/segment size under 1MiB. This represents a sane choice 162 to accommodate both baremetal and virtual machine configurations. 163 164 For the kexec_load() syscall path, CRASH_MAX_MEMORY_RANGES is part of 165 the computation behind the value provided through the 166 /sys/kernel/crash_elfcorehdr_size attribute. 167 168endmenu 169