~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/kernel/Kconfig.kexec

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 # SPDX-License-Identifier: GPL-2.0-only
  2 
  3 menu "Kexec and crash features"
  4 
  5 config CRASH_RESERVE
  6         bool
  7 
  8 config VMCORE_INFO
  9         bool
 10 
 11 config KEXEC_CORE
 12         bool
 13 
 14 config KEXEC_ELF
 15         bool
 16 
 17 config HAVE_IMA_KEXEC
 18         bool
 19 
 20 config KEXEC
 21         bool "Enable kexec system call"
 22         depends on ARCH_SUPPORTS_KEXEC
 23         select KEXEC_CORE
 24         help
 25           kexec is a system call that implements the ability to shutdown your
 26           current kernel, and to start another kernel. It is like a reboot
 27           but it is independent of the system firmware. And like a reboot
 28           you can start any kernel with it, not just Linux.
 29 
 30           The name comes from the similarity to the exec system call.
 31 
 32           It is an ongoing process to be certain the hardware in a machine
 33           is properly shutdown, so do not be surprised if this code does not
 34           initially work for you. As of this writing the exact hardware
 35           interface is strongly in flux, so no good recommendation can be
 36           made.
 37 
 38 config KEXEC_FILE
 39         bool "Enable kexec file based system call"
 40         depends on ARCH_SUPPORTS_KEXEC_FILE
 41         select CRYPTO
 42         select CRYPTO_SHA256
 43         select KEXEC_CORE
 44         help
 45           This is new version of kexec system call. This system call is
 46           file based and takes file descriptors as system call argument
 47           for kernel and initramfs as opposed to list of segments as
 48           accepted by kexec system call.
 49 
 50 config KEXEC_SIG
 51         bool "Verify kernel signature during kexec_file_load() syscall"
 52         depends on ARCH_SUPPORTS_KEXEC_SIG
 53         depends on KEXEC_FILE
 54         help
 55           This option makes the kexec_file_load() syscall check for a valid
 56           signature of the kernel image. The image can still be loaded without
 57           a valid signature unless you also enable KEXEC_SIG_FORCE, though if
 58           there's a signature that we can check, then it must be valid.
 59 
 60           In addition to this option, you need to enable signature
 61           verification for the corresponding kernel image type being
 62           loaded in order for this to work.
 63 
 64 config KEXEC_SIG_FORCE
 65         bool "Require a valid signature in kexec_file_load() syscall"
 66         depends on ARCH_SUPPORTS_KEXEC_SIG_FORCE
 67         depends on KEXEC_SIG
 68         help
 69           This option makes kernel signature verification mandatory for
 70           the kexec_file_load() syscall.
 71 
 72 config KEXEC_IMAGE_VERIFY_SIG
 73         bool "Enable Image signature verification support (ARM)"
 74         default ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG
 75         depends on ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG
 76         depends on KEXEC_SIG
 77         depends on EFI && SIGNED_PE_FILE_VERIFICATION
 78         help
 79           Enable Image signature verification support.
 80 
 81 config KEXEC_BZIMAGE_VERIFY_SIG
 82         bool "Enable bzImage signature verification support"
 83         depends on ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
 84         depends on KEXEC_SIG
 85         depends on SIGNED_PE_FILE_VERIFICATION
 86         select SYSTEM_TRUSTED_KEYRING
 87         help
 88           Enable bzImage signature verification support.
 89 
 90 config KEXEC_JUMP
 91         bool "kexec jump"
 92         depends on ARCH_SUPPORTS_KEXEC_JUMP
 93         depends on KEXEC && HIBERNATION
 94         help
 95           Jump between original kernel and kexeced kernel and invoke
 96           code in physical address mode via KEXEC
 97 
 98 config CRASH_DUMP
 99         bool "kernel crash dumps"
100         default y
101         depends on ARCH_SUPPORTS_CRASH_DUMP
102         depends on KEXEC_CORE
103         select VMCORE_INFO
104         select CRASH_RESERVE
105         help
106           Generate crash dump after being started by kexec.
107           This should be normally only set in special crash dump kernels
108           which are loaded in the main kernel with kexec-tools into
109           a specially reserved region and then later executed after
110           a crash by kdump/kexec. The crash dump kernel must be compiled
111           to a memory address not used by the main kernel or BIOS using
112           PHYSICAL_START, or it must be built as a relocatable image
113           (CONFIG_RELOCATABLE=y).
114           For more details see Documentation/admin-guide/kdump/kdump.rst
115 
116           For s390, this option also enables zfcpdump.
117           See also <file:Documentation/arch/s390/zfcpdump.rst>
118 
119 config CRASH_HOTPLUG
120         bool "Update the crash elfcorehdr on system configuration changes"
121         default y
122         depends on CRASH_DUMP && (HOTPLUG_CPU || MEMORY_HOTPLUG)
123         depends on ARCH_SUPPORTS_CRASH_HOTPLUG
124         help
125           Enable direct update to the crash elfcorehdr (which contains
126           the list of CPUs and memory regions to be dumped upon a crash)
127           in response to hot plug/unplug or online/offline of CPUs or
128           memory. This is a much more advanced approach than userspace
129           attempting that.
130 
131           If unsure, say Y.
132 
133 config CRASH_MAX_MEMORY_RANGES
134         int "Specify the maximum number of memory regions for the elfcorehdr"
135         default 8192
136         depends on CRASH_HOTPLUG
137         help
138           For the kexec_file_load() syscall path, specify the maximum number of
139           memory regions that the elfcorehdr buffer/segment can accommodate.
140           These regions are obtained via walk_system_ram_res(); eg. the
141           'System RAM' entries in /proc/iomem.
142           This value is combined with NR_CPUS_DEFAULT and multiplied by
143           sizeof(Elf64_Phdr) to determine the final elfcorehdr memory buffer/
144           segment size.
145           The value 8192, for example, covers a (sparsely populated) 1TiB system
146           consisting of 128MiB memblocks, while resulting in an elfcorehdr
147           memory buffer/segment size under 1MiB. This represents a sane choice
148           to accommodate both baremetal and virtual machine configurations.
149 
150           For the kexec_load() syscall path, CRASH_MAX_MEMORY_RANGES is part of
151           the computation behind the value provided through the
152           /sys/kernel/crash_elfcorehdr_size attribute.
153 
154 endmenu

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php