Commit | Line | Data |
---|---|---|
89cde455 ED |
1 | # SPDX-License-Identifier: GPL-2.0-only |
2 | ||
3 | menu "Kexec and crash features" | |
4 | ||
85fcde40 BH |
5 | config CRASH_RESERVE |
6 | bool | |
7 | ||
443cbaf9 | 8 | config VMCORE_INFO |
89cde455 ED |
9 | bool |
10 | ||
11 | config KEXEC_CORE | |
89cde455 ED |
12 | bool |
13 | ||
14 | config KEXEC_ELF | |
15 | bool | |
16 | ||
17 | config HAVE_IMA_KEXEC | |
18 | bool | |
19 | ||
20 | config KEXEC | |
21 | bool "Enable kexec system call" | |
89cde455 ED |
22 | depends on ARCH_SUPPORTS_KEXEC |
23 | select KEXEC_CORE | |
24 | help | |
25 | kexec is a system call that implements the ability to shutdown your | |
26 | current kernel, and to start another kernel. It is like a reboot | |
27 | but it is independent of the system firmware. And like a reboot | |
28 | you can start any kernel with it, not just Linux. | |
29 | ||
30 | The name comes from the similarity to the exec system call. | |
31 | ||
32 | It is an ongoing process to be certain the hardware in a machine | |
33 | is properly shutdown, so do not be surprised if this code does not | |
34 | initially work for you. As of this writing the exact hardware | |
35 | interface is strongly in flux, so no good recommendation can be | |
36 | made. | |
37 | ||
38 | config KEXEC_FILE | |
39 | bool "Enable kexec file based system call" | |
40 | depends on ARCH_SUPPORTS_KEXEC_FILE | |
e63bde3d AB |
41 | select CRYPTO |
42 | select CRYPTO_SHA256 | |
89cde455 ED |
43 | select KEXEC_CORE |
44 | help | |
45 | This is new version of kexec system call. This system call is | |
46 | file based and takes file descriptors as system call argument | |
47 | for kernel and initramfs as opposed to list of segments as | |
48 | accepted by kexec system call. | |
49 | ||
50 | config KEXEC_SIG | |
51 | bool "Verify kernel signature during kexec_file_load() syscall" | |
52 | depends on ARCH_SUPPORTS_KEXEC_SIG | |
53 | depends on KEXEC_FILE | |
54 | help | |
55 | This option makes the kexec_file_load() syscall check for a valid | |
56 | signature of the kernel image. The image can still be loaded without | |
57 | a valid signature unless you also enable KEXEC_SIG_FORCE, though if | |
58 | there's a signature that we can check, then it must be valid. | |
59 | ||
60 | In addition to this option, you need to enable signature | |
61 | verification for the corresponding kernel image type being | |
62 | loaded in order for this to work. | |
63 | ||
64 | config KEXEC_SIG_FORCE | |
65 | bool "Require a valid signature in kexec_file_load() syscall" | |
66 | depends on ARCH_SUPPORTS_KEXEC_SIG_FORCE | |
67 | depends on KEXEC_SIG | |
68 | help | |
69 | This option makes kernel signature verification mandatory for | |
70 | the kexec_file_load() syscall. | |
71 | ||
72 | config KEXEC_IMAGE_VERIFY_SIG | |
73 | bool "Enable Image signature verification support (ARM)" | |
74 | default ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG | |
75 | depends on ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG | |
76 | depends on KEXEC_SIG | |
77 | depends on EFI && SIGNED_PE_FILE_VERIFICATION | |
78 | help | |
79 | Enable Image signature verification support. | |
80 | ||
81 | config KEXEC_BZIMAGE_VERIFY_SIG | |
82 | bool "Enable bzImage signature verification support" | |
83 | depends on ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG | |
84 | depends on KEXEC_SIG | |
85 | depends on SIGNED_PE_FILE_VERIFICATION | |
86 | select SYSTEM_TRUSTED_KEYRING | |
87 | help | |
88 | Enable bzImage signature verification support. | |
89 | ||
90 | config KEXEC_JUMP | |
91 | bool "kexec jump" | |
92 | depends on ARCH_SUPPORTS_KEXEC_JUMP | |
93 | depends on KEXEC && HIBERNATION | |
94 | help | |
95 | Jump between original kernel and kexeced kernel and invoke | |
96 | code in physical address mode via KEXEC | |
97 | ||
98 | config CRASH_DUMP | |
99 | bool "kernel crash dumps" | |
75bc255a | 100 | default y |
89cde455 | 101 | depends on ARCH_SUPPORTS_CRASH_DUMP |
75bc255a BH |
102 | depends on KEXEC_CORE |
103 | select VMCORE_INFO | |
104 | select CRASH_RESERVE | |
89cde455 ED |
105 | help |
106 | Generate crash dump after being started by kexec. | |
107 | This should be normally only set in special crash dump kernels | |
108 | which are loaded in the main kernel with kexec-tools into | |
109 | a specially reserved region and then later executed after | |
110 | a crash by kdump/kexec. The crash dump kernel must be compiled | |
111 | to a memory address not used by the main kernel or BIOS using | |
112 | PHYSICAL_START, or it must be built as a relocatable image | |
113 | (CONFIG_RELOCATABLE=y). | |
114 | For more details see Documentation/admin-guide/kdump/kdump.rst | |
115 | ||
116 | For s390, this option also enables zfcpdump. | |
c0d2f4ce | 117 | See also <file:Documentation/arch/s390/zfcpdump.rst> |
89cde455 | 118 | |
24726275 ED |
119 | config CRASH_HOTPLUG |
120 | bool "Update the crash elfcorehdr on system configuration changes" | |
121 | default y | |
122 | depends on CRASH_DUMP && (HOTPLUG_CPU || MEMORY_HOTPLUG) | |
123 | depends on ARCH_SUPPORTS_CRASH_HOTPLUG | |
124 | help | |
125 | Enable direct update to the crash elfcorehdr (which contains | |
126 | the list of CPUs and memory regions to be dumped upon a crash) | |
127 | in response to hot plug/unplug or online/offline of CPUs or | |
128 | memory. This is a much more advanced approach than userspace | |
129 | attempting that. | |
130 | ||
131 | If unsure, say Y. | |
132 | ||
133 | config CRASH_MAX_MEMORY_RANGES | |
134 | int "Specify the maximum number of memory regions for the elfcorehdr" | |
135 | default 8192 | |
136 | depends on CRASH_HOTPLUG | |
137 | help | |
138 | For the kexec_file_load() syscall path, specify the maximum number of | |
139 | memory regions that the elfcorehdr buffer/segment can accommodate. | |
140 | These regions are obtained via walk_system_ram_res(); eg. the | |
141 | 'System RAM' entries in /proc/iomem. | |
142 | This value is combined with NR_CPUS_DEFAULT and multiplied by | |
143 | sizeof(Elf64_Phdr) to determine the final elfcorehdr memory buffer/ | |
144 | segment size. | |
145 | The value 8192, for example, covers a (sparsely populated) 1TiB system | |
146 | consisting of 128MiB memblocks, while resulting in an elfcorehdr | |
147 | memory buffer/segment size under 1MiB. This represents a sane choice | |
148 | to accommodate both baremetal and virtual machine configurations. | |
149 | ||
a72bbec7 ED |
150 | For the kexec_load() syscall path, CRASH_MAX_MEMORY_RANGES is part of |
151 | the computation behind the value provided through the | |
152 | /sys/kernel/crash_elfcorehdr_size attribute. | |
153 | ||
89cde455 | 154 | endmenu |