xref: /linux/kernel/Kconfig.kexec (revision 537d196186e0a0ce28e494ca1881885accc35a12) 
1# SPDX-License-Identifier: GPL-2.0-only
2
3menu "Kexec and crash features"
4
5config CRASH_RESERVE
6	bool
7
8config VMCORE_INFO
9	bool
10
11config KEXEC_CORE
12	bool
13
14config KEXEC_ELF
15	bool
16
17config HAVE_IMA_KEXEC
18	bool
19
20config KEXEC
21	bool "Enable kexec system call"
22	depends on ARCH_SUPPORTS_KEXEC
23	select KEXEC_CORE
24	help
25	  kexec is a system call that implements the ability to shutdown your
26	  current kernel, and to start another kernel. It is like a reboot
27	  but it is independent of the system firmware. And like a reboot
28	  you can start any kernel with it, not just Linux.
29
30	  The name comes from the similarity to the exec system call.
31
32	  It is an ongoing process to be certain the hardware in a machine
33	  is properly shutdown, so do not be surprised if this code does not
34	  initially work for you. As of this writing the exact hardware
35	  interface is strongly in flux, so no good recommendation can be
36	  made.
37
38config KEXEC_FILE
39	bool "Enable kexec file based system call"
40	depends on ARCH_SUPPORTS_KEXEC_FILE
41	select CRYPTO_LIB_SHA256
42	select KEXEC_CORE
43	help
44	  This is new version of kexec system call. This system call is
45	  file based and takes file descriptors as system call argument
46	  for kernel and initramfs as opposed to list of segments as
47	  accepted by kexec system call.
48
49config KEXEC_SIG
50	bool "Verify kernel signature during kexec_file_load() syscall"
51	depends on ARCH_SUPPORTS_KEXEC_SIG
52	depends on KEXEC_FILE
53	help
54	  This option makes the kexec_file_load() syscall check for a valid
55	  signature of the kernel image. The image can still be loaded without
56	  a valid signature unless you also enable KEXEC_SIG_FORCE, though if
57	  there's a signature that we can check, then it must be valid.
58
59	  In addition to this option, you need to enable signature
60	  verification for the corresponding kernel image type being
61	  loaded in order for this to work.
62
63config KEXEC_SIG_FORCE
64	bool "Require a valid signature in kexec_file_load() syscall"
65	depends on ARCH_SUPPORTS_KEXEC_SIG_FORCE
66	depends on KEXEC_SIG
67	help
68	  This option makes kernel signature verification mandatory for
69	  the kexec_file_load() syscall.
70
71config KEXEC_IMAGE_VERIFY_SIG
72	bool "Enable Image signature verification support (ARM)"
73	default ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG
74	depends on ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG
75	depends on KEXEC_SIG
76	depends on EFI && SIGNED_PE_FILE_VERIFICATION
77	help
78	  Enable Image signature verification support.
79
80config KEXEC_BZIMAGE_VERIFY_SIG
81	bool "Enable bzImage signature verification support"
82	depends on ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
83	depends on KEXEC_SIG
84	depends on SIGNED_PE_FILE_VERIFICATION
85	select SYSTEM_TRUSTED_KEYRING
86	help
87	  Enable bzImage signature verification support.
88
89config KEXEC_JUMP
90	bool "kexec jump"
91	depends on ARCH_SUPPORTS_KEXEC_JUMP
92	depends on KEXEC && HIBERNATION
93	help
94	  Jump between original kernel and kexeced kernel and invoke
95	  code in physical address mode via KEXEC
96
97config KEXEC_HANDOVER
98	bool "kexec handover"
99	depends on ARCH_SUPPORTS_KEXEC_HANDOVER && ARCH_SUPPORTS_KEXEC_FILE
100	depends on !DEFERRED_STRUCT_PAGE_INIT
101	select MEMBLOCK_KHO_SCRATCH
102	select KEXEC_FILE
103	select DEBUG_FS
104	select LIBFDT
105	select CMA
106	help
107	  Allow kexec to hand over state across kernels by generating and
108	  passing additional metadata to the target kernel. This is useful
109	  to keep data or state alive across the kexec. For this to work,
110	  both source and target kernels need to have this option enabled.
111
112config KEXEC_HANDOVER_DEBUG
113	bool "Enable Kexec Handover debug checks"
114	depends on KEXEC_HANDOVER
115	help
116	  This option enables extra sanity checks for the Kexec Handover
117	  subsystem. Since, KHO performance is crucial in live update
118	  scenarios and the extra code might be adding overhead it is
119	  only optionally enabled.
120
121config CRASH_DUMP
122	bool "kernel crash dumps"
123	default ARCH_DEFAULT_CRASH_DUMP
124	depends on ARCH_SUPPORTS_CRASH_DUMP
125	depends on KEXEC_CORE
126	select VMCORE_INFO
127	select CRASH_RESERVE
128	help
129	  Generate crash dump after being started by kexec.
130	  This should be normally only set in special crash dump kernels
131	  which are loaded in the main kernel with kexec-tools into
132	  a specially reserved region and then later executed after
133	  a crash by kdump/kexec. The crash dump kernel must be compiled
134	  to a memory address not used by the main kernel or BIOS using
135	  PHYSICAL_START, or it must be built as a relocatable image
136	  (CONFIG_RELOCATABLE=y).
137	  For more details see Documentation/admin-guide/kdump/kdump.rst
138
139	  For s390, this option also enables zfcpdump.
140	  See also <file:Documentation/arch/s390/zfcpdump.rst>
141
142config CRASH_DM_CRYPT
143	bool "Support saving crash dump to dm-crypt encrypted volume"
144	depends on KEXEC_FILE
145	depends on CRASH_DUMP
146	depends on DM_CRYPT
147	depends on KEYS
148	help
149	  With this option enabled, user space can intereact with
150	  /sys/kernel/config/crash_dm_crypt_keys to make the dm crypt keys
151	  persistent for the dump-capture kernel.
152
153config CRASH_DM_CRYPT_CONFIGS
154	def_tristate CRASH_DM_CRYPT
155	select CONFIGFS_FS
156	help
157	  CRASH_DM_CRYPT cannot directly select CONFIGFS_FS, because that
158	  is required to be built-in.
159
160config CRASH_DUMP_KUNIT_TEST
161	tristate "Unit Tests for kernel crash dumps" if !KUNIT_ALL_TESTS
162	depends on CRASH_DUMP && KUNIT
163	default KUNIT_ALL_TESTS
164	help
165	  This option builds KUnit unit tests for kernel crash dumps. The unit
166	  tests will be used to verify the correctness of covered functions and
167	  also prevent any regression.
168
169	  If unsure, say N.
170
171config CRASH_HOTPLUG
172	bool "Update the crash elfcorehdr on system configuration changes"
173	default y
174	depends on CRASH_DUMP && (HOTPLUG_CPU || MEMORY_HOTPLUG)
175	depends on ARCH_SUPPORTS_CRASH_HOTPLUG
176	help
177	  Enable direct update to the crash elfcorehdr (which contains
178	  the list of CPUs and memory regions to be dumped upon a crash)
179	  in response to hot plug/unplug or online/offline of CPUs or
180	  memory. This is a much more advanced approach than userspace
181	  attempting that.
182
183	  If unsure, say Y.
184
185config CRASH_MAX_MEMORY_RANGES
186	int "Specify the maximum number of memory regions for the elfcorehdr"
187	default 8192
188	depends on CRASH_HOTPLUG
189	help
190	  For the kexec_file_load() syscall path, specify the maximum number of
191	  memory regions that the elfcorehdr buffer/segment can accommodate.
192	  These regions are obtained via walk_system_ram_res(); eg. the
193	  'System RAM' entries in /proc/iomem.
194	  This value is combined with NR_CPUS_DEFAULT and multiplied by
195	  sizeof(Elf64_Phdr) to determine the final elfcorehdr memory buffer/
196	  segment size.
197	  The value 8192, for example, covers a (sparsely populated) 1TiB system
198	  consisting of 128MiB memblocks, while resulting in an elfcorehdr
199	  memory buffer/segment size under 1MiB. This represents a sane choice
200	  to accommodate both baremetal and virtual machine configurations.
201
202	  For the kexec_load() syscall path, CRASH_MAX_MEMORY_RANGES is part of
203	  the computation behind the value provided through the
204	  /sys/kernel/crash_elfcorehdr_size attribute.
205
206endmenu
207