Hi Eric, On 06/19/23 at 10:57am, Eric DeVolder wrote: ...... > +config ARCH_SUPPORTS_KEXEC > + def_bool y > > -config ARCH_HAS_KEXEC_PURGATORY > - def_bool KEXEC_FILE > +config ARCH_SUPPORTS_KEXEC_FILE > + def_bool X86_64 && CRYPTO && CRYPTO_SHA256 ...... > +config ARCH_SELECTS_KEXEC_FILE > + def_bool y > depends on KEXEC_FILE > - help I am a little confused about this ARCH_SELECTS_XX adding. Wondering what limits us defining the ARCH_SUPPORTS_KEXEC_FILE like below? I have limited knowledge about Kconfig, please correct me if I am wrong. Thanks in advance. +config ARCH_SUPPORTS_KEXEC_FILE + def_bool y depends on KEXEC_FILE depends on X86_64 && CRYPTO && CRYPTO_SHA256 > - > - This option makes the kexec_file_load() syscall check for a valid > - signature of the kernel image. The image can still be loaded without > - a valid signature unless you also enable KEXEC_SIG_FORCE, though if > - there's a signature that we can check, then it must be valid. > - > - In addition to this option, you need to enable signature > - verification for the corresponding kernel image type being > - loaded in order for this to work. > -
