maybe a boot parameter ? Jason A. Donenfeld <Jason@xxxxxxxxx> 于2022年7月25日周一 20:15写道: > > Hi Albert, > > On Mon, Jul 25, 2022 at 04:38:54PM +0800, Albert Huang wrote: > > +config KEXEC_PURGATORY_SKIP_SIG > > + bool "skip kexec purgatory signature verification" > > + depends on ARCH_HAS_KEXEC_PURGATORY > > + help > > + this options makes the kexec purgatory do not signature verification > > + which would get hundreds of milliseconds saved during kexec boot. If we can > > + confirm that the data of each segment loaded by kexec will not change we may > > + enable this option > > + > > Some grammar nits here, but actually, wouldn't it be better to make this > depend on some other signature things instead? Like if the parent kernel > actually did a big signature computation, then maybe the purgatory step > is needed, but if it didn't bother, then maybe you can skip it. This > way, you don't need a compile-time option that might change some aspect > of signature verification people might otherwise be relying on. > > Jason
