On Wed, Dec 14, 2016 at 11:16:17AM +0000, James Morse wrote: > Hi Pratyush, > > On 14/12/16 10:12, Pratyush Anand wrote: > > On Wednesday 14 December 2016 03:08 PM, Pratyush Anand wrote: > >>> I would go as far as to generate the page tables at 'kexec -l' time, > >>> and only if > >> > >> Ok..So you mean that I create a new section which will have page table > >> entries mapping physicalmemory represented by remaining section, and > >> then purgatory can just enable mmu with page table from that section, > >> right? Seems doable. can do that. > > > > I see a problem here. If we create page table as a new segment then, how can we > > verify in purgatory that sha for page table is correct? We need page table > > before sha verification start,and we can not rely the page table created by > > first kernel until it's sha is verified. So a chicken-egg problem. > > There is more than one of those! What happens if your sha256 calculation code is > corrupted? You have to run it before you know. The same goes for all the > purgatory code. > > This is why I think its better to do this in the kernel before we exit to > purgatory, but obviously that doesn't work for kdump. I see in an earlier message that the need for sha256 was being discussed in another thread. Do either of you happen to have a pointer to that. To me, it seems like it doesn't come with much benefit for the kdump case given that's best-effort anyway, and as above the verification code could have been be corrupted. In the non-kdump case it's not strictly necessary and seems like a debugging aid rather than a necessary piece of functionality -- if that's the case, a 20 second delay isn't the end of the world... Thanks, Mark.