Vivek Goyal writes:
> Hi Eric,
>
> So you want a separate purgatory code and that purgatory should be self
> contained and should not share any code with rest of the kernel. No
> inclusion of header files, no linking against kernel libraries? That means
> even re-implementing sha256 functions
On Fri, Nov 22, 2013 at 07:23:39PM -0800, Eric W. Biederman wrote:
>
> > [..]
> >> >> There is also a huge missing piece of this in that your purgatory is not
> >> >> checking a hash of the loaded image before jumping too it. Without that
> >> >> this is a huge regression at least for the kexec
On Fri, Nov 22, 2013 at 07:23:39PM -0800, Eric W. Biederman wrote:
[..]
There is also a huge missing piece of this in that your purgatory is not
checking a hash of the loaded image before jumping too it. Without that
this is a huge regression at least for the kexec on panic case. We
Vivek Goyal vgo...@redhat.com writes:
Hi Eric,
So you want a separate purgatory code and that purgatory should be self
contained and should not share any code with rest of the kernel. No
inclusion of header files, no linking against kernel libraries? That means
even re-implementing sha256
Tested kdump and kexec using --use-kexec2-syscall on kenrel 3.13.0-rc2+,
they work very well.
On 11/20/13 at 12:50pm, Vivek Goyal wrote:
> Current proposed secureboot implementation disables kexec/kdump because
> it can allow unsigned kernel to run on a secureboot platform. Intial
> idea was to
Tested kdump and kexec using --use-kexec2-syscall on kenrel 3.13.0-rc2+,
they work very well.
On 11/20/13 at 12:50pm, Vivek Goyal wrote:
Current proposed secureboot implementation disables kexec/kdump because
it can allow unsigned kernel to run on a secureboot platform. Intial
idea was to
On Mon, 25 Nov 2013 10:36:20 -0500
Vivek Goyal wrote:
> On Mon, Nov 25, 2013 at 11:04:28AM +0100, Michael Holzheu wrote:
> > On Fri, 22 Nov 2013 05:34:03 -0800
> > ebied...@xmission.com (Eric W. Biederman) wrote:
> >
> > > Vivek Goyal writes:
> >
> > > >> There is also a huge missing piece of
On Mon, Nov 25, 2013 at 11:04:28AM +0100, Michael Holzheu wrote:
> On Fri, 22 Nov 2013 05:34:03 -0800
> ebied...@xmission.com (Eric W. Biederman) wrote:
>
> > Vivek Goyal writes:
>
> > >> There is also a huge missing piece of this in that your purgatory is not
> > >> checking a hash of the
On Fri, 22 Nov 2013 05:34:03 -0800
ebied...@xmission.com (Eric W. Biederman) wrote:
> Vivek Goyal writes:
> >> There is also a huge missing piece of this in that your purgatory is not
> >> checking a hash of the loaded image before jumping too it. Without that
> >> this is a huge regression at
On Fri, 22 Nov 2013 05:34:03 -0800
ebied...@xmission.com (Eric W. Biederman) wrote:
Vivek Goyal vgo...@redhat.com writes:
There is also a huge missing piece of this in that your purgatory is not
checking a hash of the loaded image before jumping too it. Without that
this is a huge
On Mon, Nov 25, 2013 at 11:04:28AM +0100, Michael Holzheu wrote:
On Fri, 22 Nov 2013 05:34:03 -0800
ebied...@xmission.com (Eric W. Biederman) wrote:
Vivek Goyal vgo...@redhat.com writes:
There is also a huge missing piece of this in that your purgatory is not
checking a hash of the
On Mon, 25 Nov 2013 10:36:20 -0500
Vivek Goyal vgo...@redhat.com wrote:
On Mon, Nov 25, 2013 at 11:04:28AM +0100, Michael Holzheu wrote:
On Fri, 22 Nov 2013 05:34:03 -0800
ebied...@xmission.com (Eric W. Biederman) wrote:
Vivek Goyal vgo...@redhat.com writes:
There is also a huge
Vivek Goyal writes:
> On Fri, Nov 22, 2013 at 05:34:03AM -0800, Eric W. Biederman wrote:
>
> [..]
>> > Why ELF case is so interesting. I have not use kexec to boot ELF
>> > images in years and have not seen others using it too. In fact bzImage
>> > seems to be the most common kernel image format
On Fri, Nov 22, 2013 at 09:19:46AM -0500, Vivek Goyal wrote:
> On Fri, Nov 22, 2013 at 05:34:03AM -0800, Eric W. Biederman wrote:
>
> [..]
> > > Why ELF case is so interesting. I have not use kexec to boot ELF
> > > images in years and have not seen others using it too. In fact bzImage
> > >
On Fri, Nov 22, 2013 at 7:33 AM, Vivek Goyal wrote:
> On Fri, Nov 22, 2013 at 02:50:43PM +0100, Jiri Kosina wrote:
>> On Fri, 22 Nov 2013, Vivek Goyal wrote:
>>
>> > > OTOH, does this feature make any sense whatsover on architectures that
>> > > don't support secure boot anyway?
>> >
>> > I guess
On Fri, Nov 22, 2013 at 02:50:43PM +0100, Jiri Kosina wrote:
> On Fri, 22 Nov 2013, Vivek Goyal wrote:
>
> > > OTOH, does this feature make any sense whatsover on architectures that
> > > don't support secure boot anyway?
> >
> > I guess if signed modules makes sense, then being able to kexec
On Fri, Nov 22, 2013 at 05:04:04PM +0100, Jiri Kosina wrote:
> On Fri, 22 Nov 2013, Eric Paris wrote:
>
> > Consider a cloud provider who gives their customer a machine where
> > they, the cloud provider, is specifying the kernel and initrd. This
> > is a real thing that people do today. Root
On Fri, 22 Nov 2013, Eric Paris wrote:
> Consider a cloud provider who gives their customer a machine where
> they, the cloud provider, is specifying the kernel and initrd. This
> is a real thing that people do today. Root on the machine has ZERO
> control over the kernel, bootloader, and
On Fri, Nov 22, 2013 at 10:33 AM, Jiri Kosina wrote:
> On Fri, 22 Nov 2013, Geert Uytterhoeven wrote:
>
>> >> Only arm, i386, ppc, ppc64, sh, and x86_64 support zImage.
>> >> It's not clear to me what alpha supports (if it supports anything at
>> >> all?).
>> >
>> > Motiviation behind this
On Fri, 22 Nov 2013, Geert Uytterhoeven wrote:
> >> Only arm, i386, ppc, ppc64, sh, and x86_64 support zImage.
> >> It's not clear to me what alpha supports (if it supports anything at all?).
> >
> > Motiviation behind this patchset is secureboot. That is x86 specific
> > only and bzImage is most
On Fri, Nov 22, 2013 at 2:43 PM, Vivek Goyal wrote:
>> Looking at kexec-tools, all of arm, cris, i386, ia64, m68k, mips, ppc, ppc64,
>> s390, sh, and x86_64 support ELF.
>
> How many of them use ELF to boot in real world? Also one can easily
> add ELF loader. I am just not able to see why ELF
On Fri, Nov 22, 2013 at 05:34:03AM -0800, Eric W. Biederman wrote:
[..]
> > Why ELF case is so interesting. I have not use kexec to boot ELF
> > images in years and have not seen others using it too. In fact bzImage
> > seems to be the most common kernel image format for x86, most of the distros
On Fri, 22 Nov 2013, Vivek Goyal wrote:
> > OTOH, does this feature make any sense whatsover on architectures that
> > don't support secure boot anyway?
>
> I guess if signed modules makes sense, then being able to kexec signed
> kernel images should make sense too, in general.
Well, that's
On Fri, Nov 22, 2013 at 02:30:17PM +0100, Jiri Kosina wrote:
> On Fri, 22 Nov 2013, Geert Uytterhoeven wrote:
>
> > > Why ELF case is so interesting. I have not use kexec to boot ELF
> > > images in years and have not seen others using it too. In fact bzImage
> > > seems to be the most common
On Fri, Nov 22, 2013 at 10:09:17AM +0100, Geert Uytterhoeven wrote:
> On Fri, Nov 22, 2013 at 2:55 AM, Vivek Goyal wrote:
> >> Before you are done we need an ELF loader. bzImage really is very
> >> uninteresting. To the point I am not at all convinced that an in kernel
> >> loader should
Vivek Goyal writes:
> On Thu, Nov 21, 2013 at 03:07:04PM -0800, Eric W. Biederman wrote:
>
> [..]
>>
>> Before you are done we need an ELF loader. bzImage really is very
>> uninteresting. To the point I am not at all convinced that an in kernel
>> loader should support it.
>
> Hi Eric,
>
>
On Fri, 22 Nov 2013, Geert Uytterhoeven wrote:
> > Why ELF case is so interesting. I have not use kexec to boot ELF
> > images in years and have not seen others using it too. In fact bzImage
> > seems to be the most common kernel image format for x86, most of the distros
> > ship and use.
> >
> >
On Fri, Nov 22, 2013 at 2:55 AM, Vivek Goyal wrote:
>> Before you are done we need an ELF loader. bzImage really is very
>> uninteresting. To the point I am not at all convinced that an in kernel
>> loader should support it.
>
> Hi Eric,
>
> Why ELF case is so interesting. I have not use kexec
On Fri, Nov 22, 2013 at 2:55 AM, Vivek Goyal vgo...@redhat.com wrote:
Before you are done we need an ELF loader. bzImage really is very
uninteresting. To the point I am not at all convinced that an in kernel
loader should support it.
Hi Eric,
Why ELF case is so interesting. I have not use
On Fri, 22 Nov 2013, Geert Uytterhoeven wrote:
Why ELF case is so interesting. I have not use kexec to boot ELF
images in years and have not seen others using it too. In fact bzImage
seems to be the most common kernel image format for x86, most of the distros
ship and use.
So first I
Vivek Goyal vgo...@redhat.com writes:
On Thu, Nov 21, 2013 at 03:07:04PM -0800, Eric W. Biederman wrote:
[..]
Before you are done we need an ELF loader. bzImage really is very
uninteresting. To the point I am not at all convinced that an in kernel
loader should support it.
Hi Eric,
On Fri, Nov 22, 2013 at 10:09:17AM +0100, Geert Uytterhoeven wrote:
On Fri, Nov 22, 2013 at 2:55 AM, Vivek Goyal vgo...@redhat.com wrote:
Before you are done we need an ELF loader. bzImage really is very
uninteresting. To the point I am not at all convinced that an in kernel
loader should
On Fri, Nov 22, 2013 at 02:30:17PM +0100, Jiri Kosina wrote:
On Fri, 22 Nov 2013, Geert Uytterhoeven wrote:
Why ELF case is so interesting. I have not use kexec to boot ELF
images in years and have not seen others using it too. In fact bzImage
seems to be the most common kernel image
On Fri, 22 Nov 2013, Vivek Goyal wrote:
OTOH, does this feature make any sense whatsover on architectures that
don't support secure boot anyway?
I guess if signed modules makes sense, then being able to kexec signed
kernel images should make sense too, in general.
Well, that's really a
On Fri, Nov 22, 2013 at 05:34:03AM -0800, Eric W. Biederman wrote:
[..]
Why ELF case is so interesting. I have not use kexec to boot ELF
images in years and have not seen others using it too. In fact bzImage
seems to be the most common kernel image format for x86, most of the distros
ship
On Fri, Nov 22, 2013 at 2:43 PM, Vivek Goyal vgo...@redhat.com wrote:
Looking at kexec-tools, all of arm, cris, i386, ia64, m68k, mips, ppc, ppc64,
s390, sh, and x86_64 support ELF.
How many of them use ELF to boot in real world? Also one can easily
add ELF loader. I am just not able to see
On Fri, 22 Nov 2013, Geert Uytterhoeven wrote:
Only arm, i386, ppc, ppc64, sh, and x86_64 support zImage.
It's not clear to me what alpha supports (if it supports anything at all?).
Motiviation behind this patchset is secureboot. That is x86 specific
only and bzImage is most commonly
On Fri, Nov 22, 2013 at 10:33 AM, Jiri Kosina jkos...@suse.cz wrote:
On Fri, 22 Nov 2013, Geert Uytterhoeven wrote:
Only arm, i386, ppc, ppc64, sh, and x86_64 support zImage.
It's not clear to me what alpha supports (if it supports anything at
all?).
Motiviation behind this patchset
On Fri, 22 Nov 2013, Eric Paris wrote:
Consider a cloud provider who gives their customer a machine where
they, the cloud provider, is specifying the kernel and initrd. This
is a real thing that people do today. Root on the machine has ZERO
control over the kernel, bootloader, and initrd.
On Fri, Nov 22, 2013 at 05:04:04PM +0100, Jiri Kosina wrote:
On Fri, 22 Nov 2013, Eric Paris wrote:
Consider a cloud provider who gives their customer a machine where
they, the cloud provider, is specifying the kernel and initrd. This
is a real thing that people do today. Root on the
On Fri, Nov 22, 2013 at 02:50:43PM +0100, Jiri Kosina wrote:
On Fri, 22 Nov 2013, Vivek Goyal wrote:
OTOH, does this feature make any sense whatsover on architectures that
don't support secure boot anyway?
I guess if signed modules makes sense, then being able to kexec signed
On Fri, Nov 22, 2013 at 7:33 AM, Vivek Goyal vgo...@redhat.com wrote:
On Fri, Nov 22, 2013 at 02:50:43PM +0100, Jiri Kosina wrote:
On Fri, 22 Nov 2013, Vivek Goyal wrote:
OTOH, does this feature make any sense whatsover on architectures that
don't support secure boot anyway?
I guess
On Fri, Nov 22, 2013 at 09:19:46AM -0500, Vivek Goyal wrote:
On Fri, Nov 22, 2013 at 05:34:03AM -0800, Eric W. Biederman wrote:
[..]
Why ELF case is so interesting. I have not use kexec to boot ELF
images in years and have not seen others using it too. In fact bzImage
seems to be the
Vivek Goyal vgo...@redhat.com writes:
On Fri, Nov 22, 2013 at 05:34:03AM -0800, Eric W. Biederman wrote:
[..]
Why ELF case is so interesting. I have not use kexec to boot ELF
images in years and have not seen others using it too. In fact bzImage
seems to be the most common kernel image
44 matches
Mail list logo