On Mon, Jan 26, 2026 at 02:36:08PM +0000, Will Deacon wrote:
On Fri, Jan 23, 2026 at 04:13:25PM +0800, Coiby Xu wrote:
CONFIG_CRASH_DM_CRYPT has been introduced to support LUKS-encrypted
device dump target by addressing two challenges [1],
- Kdump kernel may not be able to decrypt the LUKS partition. For some
machines, a system administrator may not have a chance to enter the
password to decrypt the device in kdump initramfs after the 1st kernel
crashes
- LUKS2 by default use the memory-hard Argon2 key derivation function
which is quite memory-consuming compared to the limited memory reserved
for kdump.
To also enable this feature for ARM64, we only need to add device tree
property dmcryptkeys [2] as similar to elfcorehdr to pass the memory
address of the stored info of dm-crypt keys to the kdump kernel. Since
this property is only needed by the kdump kenrel, it won't be exposed to
user space.
[1] https://lore.kernel.org/all/[email protected]/
[2] https://github.com/devicetree-org/dt-schema/pull/181
Cc: Arnaud Lefebvre <[email protected]>
Cc: Baoquan he <[email protected]>
Cc: Dave Young <[email protected]>
Cc: Kairui Song <[email protected]>
Cc: Pingfan Liu <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Krzysztof Kozlowski <[email protected]>
Cc: Rob Herring <[email protected]>
Signed-off-by: Coiby Xu <[email protected]>
---
v3
- Delete the property after reading it [Rob Herring]
v2
- Krzysztof
- Use imperative mood for commit message
- Add dt-schema ABI Documentation
https://github.com/devicetree-org/dt-schema/pull/181
- Don't print dm-crypt keys address via pr_debug
arch/arm64/kernel/machine_kexec_file.c | 9 +++++++++
drivers/of/fdt.c | 21 +++++++++++++++++++++
drivers/of/kexec.c | 19 +++++++++++++++++++
3 files changed, 49 insertions(+)
diff --git a/arch/arm64/kernel/machine_kexec_file.c
b/arch/arm64/kernel/machine_kexec_file.c
index 410060ebd86d..5f3bad8ca96d 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -134,6 +134,15 @@ int load_other_segments(struct kimage *image,
kexec_dprintk("Loaded elf core header at 0x%lx bufsz=0x%lx
memsz=0x%lx\n",
image->elf_load_addr, kbuf.bufsz, kbuf.memsz);
+
+ ret = crash_load_dm_crypt_keys(image);
+
+ if (ret == -ENOENT) {
+ kexec_dprintk("No dm crypt key to load\n");
+ } else if (ret) {
+ pr_err("Failed to load dm crypt keys\n");
+ goto out_err;
+ }
This looks like an unusual mixture of kexec_dprintk() and pr_err().
Stepping back a second, why do we need to print anything from the arch
code at all? It looks like crash_load_dm_crypt_keys() already prints for
the -ENOENT case so I'd be inclined just to do:
ret = crash_load_dm_crypt_keys(image);
if (ret)
goto out_err;
Will
Hi Will,
Thanks for carefully reviewing the patch! Yeah, crash_load_dm_crypt_keys
already prints for the -ENOTENT case, good catch! And it's also a good
idea to not let the arch code print anything since
crash_load_dm_crypt_keys is a better place. I'll make
crash_load_dm_crypt_keys print more logs and also return 0 for the case
of -ENOENT. This can make the arch code more succinct.
--
Best regards,
Coiby
