1# SPDX-License-Identifier: GPL-2.0-only
  2
  3menu "Kexec and crash features"
  4
  5config CRASH_CORE
  6	bool
  7
  8config KEXEC_CORE
  9	select CRASH_CORE
 10	bool
 11
 12config KEXEC_ELF
 13	bool
 14
 15config HAVE_IMA_KEXEC
 16	bool
 17
 18config KEXEC
 19	bool "Enable kexec system call"
 20	depends on ARCH_SUPPORTS_KEXEC
 21	select KEXEC_CORE
 22	help
 23	  kexec is a system call that implements the ability to shutdown your
 24	  current kernel, and to start another kernel. It is like a reboot
 25	  but it is independent of the system firmware. And like a reboot
 26	  you can start any kernel with it, not just Linux.
 27
 28	  The name comes from the similarity to the exec system call.
 29
 30	  It is an ongoing process to be certain the hardware in a machine
 31	  is properly shutdown, so do not be surprised if this code does not
 32	  initially work for you. As of this writing the exact hardware
 33	  interface is strongly in flux, so no good recommendation can be
 34	  made.
 35
 36config KEXEC_FILE
 37	bool "Enable kexec file based system call"
 38	depends on ARCH_SUPPORTS_KEXEC_FILE
 39	select CRYPTO
 40	select CRYPTO_SHA256
 41	select KEXEC_CORE
 42	help
 43	  This is new version of kexec system call. This system call is
 44	  file based and takes file descriptors as system call argument
 45	  for kernel and initramfs as opposed to list of segments as
 46	  accepted by kexec system call.
 47
 48config KEXEC_SIG
 49	bool "Verify kernel signature during kexec_file_load() syscall"
 50	depends on ARCH_SUPPORTS_KEXEC_SIG
 51	depends on KEXEC_FILE
 52	help
 53	  This option makes the kexec_file_load() syscall check for a valid
 54	  signature of the kernel image. The image can still be loaded without
 55	  a valid signature unless you also enable KEXEC_SIG_FORCE, though if
 56	  there's a signature that we can check, then it must be valid.
 57
 58	  In addition to this option, you need to enable signature
 59	  verification for the corresponding kernel image type being
 60	  loaded in order for this to work.
 61
 62config KEXEC_SIG_FORCE
 63	bool "Require a valid signature in kexec_file_load() syscall"
 64	depends on ARCH_SUPPORTS_KEXEC_SIG_FORCE
 65	depends on KEXEC_SIG
 66	help
 67	  This option makes kernel signature verification mandatory for
 68	  the kexec_file_load() syscall.
 69
 70config KEXEC_IMAGE_VERIFY_SIG
 71	bool "Enable Image signature verification support (ARM)"
 72	default ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG
 73	depends on ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG
 74	depends on KEXEC_SIG
 75	depends on EFI && SIGNED_PE_FILE_VERIFICATION
 76	help
 77	  Enable Image signature verification support.
 78
 79config KEXEC_BZIMAGE_VERIFY_SIG
 80	bool "Enable bzImage signature verification support"
 81	depends on ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
 82	depends on KEXEC_SIG
 83	depends on SIGNED_PE_FILE_VERIFICATION
 84	select SYSTEM_TRUSTED_KEYRING
 85	help
 86	  Enable bzImage signature verification support.
 87
 88config KEXEC_JUMP
 89	bool "kexec jump"
 90	depends on ARCH_SUPPORTS_KEXEC_JUMP
 91	depends on KEXEC && HIBERNATION
 92	help
 93	  Jump between original kernel and kexeced kernel and invoke
 94	  code in physical address mode via KEXEC
 95
 96config CRASH_DUMP
 97	bool "kernel crash dumps"
 98	depends on ARCH_SUPPORTS_CRASH_DUMP
 99	select CRASH_CORE
100	select KEXEC_CORE
101	help
102	  Generate crash dump after being started by kexec.
103	  This should be normally only set in special crash dump kernels
104	  which are loaded in the main kernel with kexec-tools into
105	  a specially reserved region and then later executed after
106	  a crash by kdump/kexec. The crash dump kernel must be compiled
107	  to a memory address not used by the main kernel or BIOS using
108	  PHYSICAL_START, or it must be built as a relocatable image
109	  (CONFIG_RELOCATABLE=y).
110	  For more details see Documentation/admin-guide/kdump/kdump.rst
111
112	  For s390, this option also enables zfcpdump.
113	  See also <file:Documentation/arch/s390/zfcpdump.rst>
114
115config CRASH_HOTPLUG
116	bool "Update the crash elfcorehdr on system configuration changes"
117	default y
118	depends on CRASH_DUMP && (HOTPLUG_CPU || MEMORY_HOTPLUG)
119	depends on ARCH_SUPPORTS_CRASH_HOTPLUG
120	help
121	  Enable direct update to the crash elfcorehdr (which contains
122	  the list of CPUs and memory regions to be dumped upon a crash)
123	  in response to hot plug/unplug or online/offline of CPUs or
124	  memory. This is a much more advanced approach than userspace
125	  attempting that.
126
127	  If unsure, say Y.
128
129config CRASH_MAX_MEMORY_RANGES
130	int "Specify the maximum number of memory regions for the elfcorehdr"
131	default 8192
132	depends on CRASH_HOTPLUG
133	help
134	  For the kexec_file_load() syscall path, specify the maximum number of
135	  memory regions that the elfcorehdr buffer/segment can accommodate.
136	  These regions are obtained via walk_system_ram_res(); eg. the
137	  'System RAM' entries in /proc/iomem.
138	  This value is combined with NR_CPUS_DEFAULT and multiplied by
139	  sizeof(Elf64_Phdr) to determine the final elfcorehdr memory buffer/
140	  segment size.
141	  The value 8192, for example, covers a (sparsely populated) 1TiB system
142	  consisting of 128MiB memblocks, while resulting in an elfcorehdr
143	  memory buffer/segment size under 1MiB. This represents a sane choice
144	  to accommodate both baremetal and virtual machine configurations.
145
146	  For the kexec_load() syscall path, CRASH_MAX_MEMORY_RANGES is part of
147	  the computation behind the value provided through the
148	  /sys/kernel/crash_elfcorehdr_size attribute.
149
150endmenu