On Thu, Oct 18, 2012 at 03:38:31PM -0400, Vivek Goyal wrote:

> I was thinking that how about supporting in kernel bootloader. That is,
> kernel acts as a boot loader. User passes the kernel, initrd and
> commandline from user space using kexec system call and kernel parses
> it and prepares appropriate memory areas (ex. boot_params, kernel, initramfs,
> backup region, elf header region etc). At the time of kexec -e, we just
> follow the regular path and jump to second kernel.
>
> At the time of loading, kernel can verify the signature of incoming
> bzImage and reject it if signatures don't match. Matthew mentioned that
> kernel signing certificate will be available inside the running kernel,
> so verifying PE/COFF bzImage should be easy.

That all sounds fine to me.

> There is one side issue of acpi_rsdp. Because second kernel executes
> the code specified by acpi_rsdp, it is unsafe to let user specify
> that location. Matthew mentioned that figure a way out to pass acpi_rsdp
> using boot params and drop it from command line.

That would just be a matter of adding it to the structure and modifying
drivers/acpi/osl.c.

--
Matthew Garrett | mjg59 at srcf.ucam.org