On 09 16:04:50, Ard Biesheuvel wrote:
>
> [...]
>
> kdump has a kexec kernel 'standby' to launch when the kernel panics.
> So for the UKI/EFI payload case, this would imply that the load
> involves running the payload until EBS() and freezing the state.
>
> Whether execution occurs in true user space or in a deprivileged
> kernel context is an implementation detail, imho. We don't want to run
> external code in privileged mode inside the kernel in any case, as
> this would violate lockdown already. But it should be feasible to have
> an EFI compatible layer in the kernel that invokes the EFI entrypoint
> of an image in a way that protects the host kernel. This could be user
> mode on the CPU or perhaps a minimal KVM virtual machine.

This solution is what I'm currently in favor of (besides my original approach), see:
https://lore.kernel.org/kexec/Zt7EbvWjF9WPCYfn@gardel-login/T/#md4f02b7cb6c694cb28aa8d36fe47a02bd4dc17a4