Hi,
On 1/15/25 10:58 PM, Coiby Xu wrote:
> diff --git a/Documentation/admin-guide/kdump/kdump.rst b/Documentation/admin-guide/kdump/kdump.rst
> index 5376890adbeb..192d6796ab94 100644
> --- a/Documentation/admin-guide/kdump/kdump.rst
> +++ b/Documentation/admin-guide/kdump/kdump.rst
> @@ -551,6 +551,34 @@ from within add_taint() whenever the value set in this bitmask matches with the
> bit flag being set by add_taint().
> This will cause a kdump to occur at the add_taint()->panic() call.
>
> +Write the dump file to encrypted disk volume
> +============================================
> +
> +CONFIG_CRASH_DM_CRYPT can be enabled to support saving the dump file to
> +encrypted disk volume. User space can interact with
an encrypted disk volume.
> +/sys/kernel/config/crash_dm_crypt_keys for setup,
> +
> +1. Tell the 1st kernel what keys are needed to unlock the disk volumes,
first
> + # Add key #1
> + mkdir /sys/kernel/config/crash_dm_crypt_keys/7d26b7b4-e342-4d2d-b660-7426b0996720
> + # Add key #1's description
> + echo cryptsetup:7d26b7b4-e342-4d2d-b660-7426b0996720 > /sys/kernel/config/crash_dm_crypt_keys/description
> +
> + # how many keys do we have now?
> + cat /sys/kernel/config/crash_dm_crypt_keys/count
> + 1
> +
> + # Add key#2 in the same way
key #2
(be consisent)
> +
> + # how many keys do we have now?
> + cat /sys/kernel/config/crash_dm_crypt_keys/count
> + 2
> +
> +2. Load the dump-capture kernel
> +
> +3. After dump-capture kerne get booted, restore the keys to user keyring
After the dump-capture kernel is booted,
> + echo yes > /sys/kernel/crash_dm_crypt_keys/restore
> +
> Contact
> =======
>
--
~Randy
