On Wed, Aug 27, 2014 at 09:04:39AM -0400, Vivek Goyal wrote: > On Wed, Aug 27, 2014 at 04:59:37PM +0900, Simon Horman wrote: > > On Tue, Aug 26, 2014 at 10:30:34AM -0400, Vivek Goyal wrote: > > > On Mon, Aug 18, 2014 at 11:22:32AM -0400, Vivek Goyal wrote: > > > > Hi, > > > > > > > > This is v2 of the patch. Since v1, I moved syscall implemented check littler > > > > earlier in the function as per the feedback. > > > > > > > > Now a new kexec syscall (kexec_file_load()) has been merged in upstream > > > > kernel. This system call takes file descriptors of kernel and initramfs > > > > as input (as opposed to list of segments to be loaded). This new system > > > > call allows for signature verification of the kernel being loaded. > > > > > > > > One use of signature verification of kernel is secureboot systems where > > > > we want to allow kexec into a kernel only if it is validly signed by > > > > a key system trusts. > > > > > > > > This patch provides and option --kexec-file-syscall (-s), to force use of > > > > new system call for kexec. Default is to continue to use old syscall. > > > > > > > > Currently only bzImage64 on x86_64 can be loaded using this system call. > > > > As kernel adds support for more arches and for more image types, kexec-tools > > > > can be modified accordingly. > > > > > > > > > > Hi Simon, > > > > > > Do you have any concerns with this patch? If not, can you please consider > > > it for merge. > > > > Thanks, applied. > > Thanks Simon. Have you pushed it out yet. git pull does not show anything. It seems not. I have done so now.
