[thirdparty/kernel/linux.git] / kernel / Kconfig.kexec

# SPDX-License-Identifier: GPL-2.0-only

menu "Kexec and crash features"

config CRASH_RESERVE
	bool

config VMCORE_INFO
	bool

config KEXEC_CORE
	bool

config KEXEC_ELF
	bool

config HAVE_IMA_KEXEC
	bool

config KEXEC
	bool "Enable kexec system call"
	depends on ARCH_SUPPORTS_KEXEC
	select KEXEC_CORE
	help
	  kexec is a system call that implements the ability to shutdown your
	  current kernel, and to start another kernel. It is like a reboot
	  but it is independent of the system firmware. And like a reboot
	  you can start any kernel with it, not just Linux.

	  The name comes from the similarity to the exec system call.

	  It is an ongoing process to be certain the hardware in a machine
	  is properly shutdown, so do not be surprised if this code does not
	  initially work for you. As of this writing the exact hardware
	  interface is strongly in flux, so no good recommendation can be
	  made.

config KEXEC_FILE
	bool "Enable kexec file based system call"
	depends on ARCH_SUPPORTS_KEXEC_FILE
	select CRYPTO
	select CRYPTO_SHA256
	select KEXEC_CORE
	help
	  This is new version of kexec system call. This system call is
	  file based and takes file descriptors as system call argument
	  for kernel and initramfs as opposed to list of segments as
	  accepted by kexec system call.

config KEXEC_SIG
	bool "Verify kernel signature during kexec_file_load() syscall"
	depends on ARCH_SUPPORTS_KEXEC_SIG
	depends on KEXEC_FILE
	help
	  This option makes the kexec_file_load() syscall check for a valid
	  signature of the kernel image. The image can still be loaded without
	  a valid signature unless you also enable KEXEC_SIG_FORCE, though if
	  there's a signature that we can check, then it must be valid.

	  In addition to this option, you need to enable signature
	  verification for the corresponding kernel image type being
	  loaded in order for this to work.

config KEXEC_SIG_FORCE
	bool "Require a valid signature in kexec_file_load() syscall"
	depends on ARCH_SUPPORTS_KEXEC_SIG_FORCE
	depends on KEXEC_SIG
	help
	  This option makes kernel signature verification mandatory for
	  the kexec_file_load() syscall.

config KEXEC_IMAGE_VERIFY_SIG
	bool "Enable Image signature verification support (ARM)"
	default ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG
	depends on ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG
	depends on KEXEC_SIG
	depends on EFI && SIGNED_PE_FILE_VERIFICATION
	help
	  Enable Image signature verification support.

config KEXEC_BZIMAGE_VERIFY_SIG
	bool "Enable bzImage signature verification support"
	depends on ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
	depends on KEXEC_SIG
	depends on SIGNED_PE_FILE_VERIFICATION
	select SYSTEM_TRUSTED_KEYRING
	help
	  Enable bzImage signature verification support.

config KEXEC_JUMP
	bool "kexec jump"
	depends on ARCH_SUPPORTS_KEXEC_JUMP
	depends on KEXEC && HIBERNATION
	help
	  Jump between original kernel and kexeced kernel and invoke
	  code in physical address mode via KEXEC

config CRASH_DUMP
	bool "kernel crash dumps"
	default y
	depends on ARCH_SUPPORTS_CRASH_DUMP
	depends on KEXEC_CORE
	select VMCORE_INFO
	select CRASH_RESERVE
	help
	  Generate crash dump after being started by kexec.
	  This should be normally only set in special crash dump kernels
	  which are loaded in the main kernel with kexec-tools into
	  a specially reserved region and then later executed after
	  a crash by kdump/kexec. The crash dump kernel must be compiled
	  to a memory address not used by the main kernel or BIOS using
	  PHYSICAL_START, or it must be built as a relocatable image
	  (CONFIG_RELOCATABLE=y).
	  For more details see Documentation/admin-guide/kdump/kdump.rst

	  For s390, this option also enables zfcpdump.
	  See also <file:Documentation/arch/s390/zfcpdump.rst>

config CRASH_HOTPLUG
	bool "Update the crash elfcorehdr on system configuration changes"
	default y
	depends on CRASH_DUMP && (HOTPLUG_CPU || MEMORY_HOTPLUG)
	depends on ARCH_SUPPORTS_CRASH_HOTPLUG
	help
	  Enable direct update to the crash elfcorehdr (which contains
	  the list of CPUs and memory regions to be dumped upon a crash)
	  in response to hot plug/unplug or online/offline of CPUs or
	  memory. This is a much more advanced approach than userspace
	  attempting that.

	  If unsure, say Y.

config CRASH_MAX_MEMORY_RANGES
	int "Specify the maximum number of memory regions for the elfcorehdr"
	default 8192
	depends on CRASH_HOTPLUG
	help
	  For the kexec_file_load() syscall path, specify the maximum number of
	  memory regions that the elfcorehdr buffer/segment can accommodate.
	  These regions are obtained via walk_system_ram_res(); eg. the
	  'System RAM' entries in /proc/iomem.
	  This value is combined with NR_CPUS_DEFAULT and multiplied by
	  sizeof(Elf64_Phdr) to determine the final elfcorehdr memory buffer/
	  segment size.
	  The value 8192, for example, covers a (sparsely populated) 1TiB system
	  consisting of 128MiB memblocks, while resulting in an elfcorehdr
	  memory buffer/segment size under 1MiB. This represents a sane choice
	  to accommodate both baremetal and virtual machine configurations.

	  For the kexec_load() syscall path, CRASH_MAX_MEMORY_RANGES is part of
	  the computation behind the value provided through the
	  /sys/kernel/crash_elfcorehdr_size attribute.

endmenu
Commit	Line	Data
89cde455 ED	1	# SPDX-License-Identifier: GPL-2.0-only
	2
	3	menu "Kexec and crash features"
	4
85fcde40 BH	5	config CRASH_RESERVE
	6	bool
	7
443cbaf9	8	config VMCORE_INFO
89cde455 ED	9	bool
	10
	11	config KEXEC_CORE
89cde455 ED	12	bool
	13
	14	config KEXEC_ELF
	15	bool
	16
	17	config HAVE_IMA_KEXEC
	18	bool
	19
	20	config KEXEC
	21	bool "Enable kexec system call"
89cde455 ED	22	depends on ARCH_SUPPORTS_KEXEC
	23	select KEXEC_CORE
	24	help
	25	kexec is a system call that implements the ability to shutdown your
	26	current kernel, and to start another kernel. It is like a reboot
	27	but it is independent of the system firmware. And like a reboot
	28	you can start any kernel with it, not just Linux.
	29
	30	The name comes from the similarity to the exec system call.
	31
	32	It is an ongoing process to be certain the hardware in a machine
	33	is properly shutdown, so do not be surprised if this code does not
	34	initially work for you. As of this writing the exact hardware
	35	interface is strongly in flux, so no good recommendation can be
	36	made.
	37
	38	config KEXEC_FILE
	39	bool "Enable kexec file based system call"
	40	depends on ARCH_SUPPORTS_KEXEC_FILE
e63bde3d AB	41	select CRYPTO
e63bde3d AB	42	select CRYPTO_SHA256
89cde455 ED	43	select KEXEC_CORE
	44	help
	45	This is new version of kexec system call. This system call is
	46	file based and takes file descriptors as system call argument
	47	for kernel and initramfs as opposed to list of segments as
	48	accepted by kexec system call.
	49
	50	config KEXEC_SIG
	51	bool "Verify kernel signature during kexec_file_load() syscall"
	52	depends on ARCH_SUPPORTS_KEXEC_SIG
	53	depends on KEXEC_FILE
	54	help
	55	This option makes the kexec_file_load() syscall check for a valid
	56	signature of the kernel image. The image can still be loaded without
	57	a valid signature unless you also enable KEXEC_SIG_FORCE, though if
	58	there's a signature that we can check, then it must be valid.
	59
	60	In addition to this option, you need to enable signature
	61	verification for the corresponding kernel image type being
	62	loaded in order for this to work.
	63
	64	config KEXEC_SIG_FORCE
	65	bool "Require a valid signature in kexec_file_load() syscall"
	66	depends on ARCH_SUPPORTS_KEXEC_SIG_FORCE
	67	depends on KEXEC_SIG
	68	help
	69	This option makes kernel signature verification mandatory for
	70	the kexec_file_load() syscall.
	71
	72	config KEXEC_IMAGE_VERIFY_SIG
	73	bool "Enable Image signature verification support (ARM)"
	74	default ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG
	75	depends on ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG
	76	depends on KEXEC_SIG
	77	depends on EFI && SIGNED_PE_FILE_VERIFICATION
	78	help
	79	Enable Image signature verification support.
	80
	81	config KEXEC_BZIMAGE_VERIFY_SIG
	82	bool "Enable bzImage signature verification support"
	83	depends on ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
	84	depends on KEXEC_SIG
	85	depends on SIGNED_PE_FILE_VERIFICATION
	86	select SYSTEM_TRUSTED_KEYRING
	87	help
	88	Enable bzImage signature verification support.
	89
	90	config KEXEC_JUMP
	91	bool "kexec jump"
	92	depends on ARCH_SUPPORTS_KEXEC_JUMP
	93	depends on KEXEC && HIBERNATION
	94	help
	95	Jump between original kernel and kexeced kernel and invoke
	96	code in physical address mode via KEXEC
	97
	98	config CRASH_DUMP
	99	bool "kernel crash dumps"
75bc255a	100	default y
89cde455	101	depends on ARCH_SUPPORTS_CRASH_DUMP
75bc255a BH	102	depends on KEXEC_CORE
	103	select VMCORE_INFO
	104	select CRASH_RESERVE
89cde455 ED	105	help
	106	Generate crash dump after being started by kexec.
	107	This should be normally only set in special crash dump kernels
	108	which are loaded in the main kernel with kexec-tools into
	109	a specially reserved region and then later executed after
	110	a crash by kdump/kexec. The crash dump kernel must be compiled
	111	to a memory address not used by the main kernel or BIOS using
	112	PHYSICAL_START, or it must be built as a relocatable image
	113	(CONFIG_RELOCATABLE=y).
	114	For more details see Documentation/admin-guide/kdump/kdump.rst
	115
	116	For s390, this option also enables zfcpdump.
c0d2f4ce	117	See also <file:Documentation/arch/s390/zfcpdump.rst>
89cde455	118
24726275 ED	119	config CRASH_HOTPLUG
	120	bool "Update the crash elfcorehdr on system configuration changes"
	121	default y
	122	depends on CRASH_DUMP && (HOTPLUG_CPU \|\| MEMORY_HOTPLUG)
	123	depends on ARCH_SUPPORTS_CRASH_HOTPLUG
	124	help
	125	Enable direct update to the crash elfcorehdr (which contains
	126	the list of CPUs and memory regions to be dumped upon a crash)
	127	in response to hot plug/unplug or online/offline of CPUs or
	128	memory. This is a much more advanced approach than userspace
	129	attempting that.
	130
	131	If unsure, say Y.
	132
	133	config CRASH_MAX_MEMORY_RANGES
	134	int "Specify the maximum number of memory regions for the elfcorehdr"
	135	default 8192
	136	depends on CRASH_HOTPLUG
	137	help
	138	For the kexec_file_load() syscall path, specify the maximum number of
	139	memory regions that the elfcorehdr buffer/segment can accommodate.
	140	These regions are obtained via walk_system_ram_res(); eg. the
	141	'System RAM' entries in /proc/iomem.
	142	This value is combined with NR_CPUS_DEFAULT and multiplied by
	143	sizeof(Elf64_Phdr) to determine the final elfcorehdr memory buffer/
	144	segment size.
	145	The value 8192, for example, covers a (sparsely populated) 1TiB system
	146	consisting of 128MiB memblocks, while resulting in an elfcorehdr
	147	memory buffer/segment size under 1MiB. This represents a sane choice
	148	to accommodate both baremetal and virtual machine configurations.
	149
a72bbec7 ED	150	For the kexec_load() syscall path, CRASH_MAX_MEMORY_RANGES is part of
	151	the computation behind the value provided through the
	152	/sys/kernel/crash_elfcorehdr_size attribute.
	153
89cde455	154	endmenu