1# SPDX-License-Identifier: GPL-2.0-only
2
3menu "Kexec and crash features"
4
5config CRASH_RESERVE
6	bool
7
8config VMCORE_INFO
9	bool
10
11config KEXEC_CORE
12	bool
13
14config KEXEC_ELF
15	bool
16
17config HAVE_IMA_KEXEC
18	bool
19
20config KEXEC
21	bool "Enable kexec system call"
22	depends on ARCH_SUPPORTS_KEXEC
23	select KEXEC_CORE
24	help
25	  kexec is a system call that implements the ability to shutdown your
26	  current kernel, and to start another kernel. It is like a reboot
27	  but it is independent of the system firmware. And like a reboot
28	  you can start any kernel with it, not just Linux.
29
30	  The name comes from the similarity to the exec system call.
31
32	  It is an ongoing process to be certain the hardware in a machine
33	  is properly shutdown, so do not be surprised if this code does not
34	  initially work for you. As of this writing the exact hardware
35	  interface is strongly in flux, so no good recommendation can be
36	  made.
37
38config KEXEC_FILE
39	bool "Enable kexec file based system call"
40	depends on ARCH_SUPPORTS_KEXEC_FILE
41	select CRYPTO
42	select CRYPTO_SHA256
43	select KEXEC_CORE
44	help
45	  This is new version of kexec system call. This system call is
46	  file based and takes file descriptors as system call argument
47	  for kernel and initramfs as opposed to list of segments as
48	  accepted by kexec system call.
49
50config KEXEC_SIG
51	bool "Verify kernel signature during kexec_file_load() syscall"
52	depends on ARCH_SUPPORTS_KEXEC_SIG
53	depends on KEXEC_FILE
54	help
55	  This option makes the kexec_file_load() syscall check for a valid
56	  signature of the kernel image. The image can still be loaded without
57	  a valid signature unless you also enable KEXEC_SIG_FORCE, though if
58	  there's a signature that we can check, then it must be valid.
59
60	  In addition to this option, you need to enable signature
61	  verification for the corresponding kernel image type being
62	  loaded in order for this to work.
63
64config KEXEC_SIG_FORCE
65	bool "Require a valid signature in kexec_file_load() syscall"
66	depends on ARCH_SUPPORTS_KEXEC_SIG_FORCE
67	depends on KEXEC_SIG
68	help
69	  This option makes kernel signature verification mandatory for
70	  the kexec_file_load() syscall.
71
72config KEXEC_IMAGE_VERIFY_SIG
73	bool "Enable Image signature verification support (ARM)"
74	default ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG
75	depends on ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG
76	depends on KEXEC_SIG
77	depends on EFI && SIGNED_PE_FILE_VERIFICATION
78	help
79	  Enable Image signature verification support.
80
81config KEXEC_BZIMAGE_VERIFY_SIG
82	bool "Enable bzImage signature verification support"
83	depends on ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
84	depends on KEXEC_SIG
85	depends on SIGNED_PE_FILE_VERIFICATION
86	select SYSTEM_TRUSTED_KEYRING
87	help
88	  Enable bzImage signature verification support.
89
90config KEXEC_JUMP
91	bool "kexec jump"
92	depends on ARCH_SUPPORTS_KEXEC_JUMP
93	depends on KEXEC && HIBERNATION
94	help
95	  Jump between original kernel and kexeced kernel and invoke
96	  code in physical address mode via KEXEC
97
98config CRASH_DUMP
99	bool "kernel crash dumps"
100	default ARCH_DEFAULT_CRASH_DUMP
101	depends on ARCH_SUPPORTS_CRASH_DUMP
102	depends on KEXEC_CORE
103	select VMCORE_INFO
104	select CRASH_RESERVE
105	help
106	  Generate crash dump after being started by kexec.
107	  This should be normally only set in special crash dump kernels
108	  which are loaded in the main kernel with kexec-tools into
109	  a specially reserved region and then later executed after
110	  a crash by kdump/kexec. The crash dump kernel must be compiled
111	  to a memory address not used by the main kernel or BIOS using
112	  PHYSICAL_START, or it must be built as a relocatable image
113	  (CONFIG_RELOCATABLE=y).
114	  For more details see Documentation/admin-guide/kdump/kdump.rst
115
116	  For s390, this option also enables zfcpdump.
117	  See also <file:Documentation/arch/s390/zfcpdump.rst>
118
119config CRASH_HOTPLUG
120	bool "Update the crash elfcorehdr on system configuration changes"
121	default y
122	depends on CRASH_DUMP && (HOTPLUG_CPU || MEMORY_HOTPLUG)
123	depends on ARCH_SUPPORTS_CRASH_HOTPLUG
124	help
125	  Enable direct update to the crash elfcorehdr (which contains
126	  the list of CPUs and memory regions to be dumped upon a crash)
127	  in response to hot plug/unplug or online/offline of CPUs or
128	  memory. This is a much more advanced approach than userspace
129	  attempting that.
130
131	  If unsure, say Y.
132
133config CRASH_MAX_MEMORY_RANGES
134	int "Specify the maximum number of memory regions for the elfcorehdr"
135	default 8192
136	depends on CRASH_HOTPLUG
137	help
138	  For the kexec_file_load() syscall path, specify the maximum number of
139	  memory regions that the elfcorehdr buffer/segment can accommodate.
140	  These regions are obtained via walk_system_ram_res(); eg. the
141	  'System RAM' entries in /proc/iomem.
142	  This value is combined with NR_CPUS_DEFAULT and multiplied by
143	  sizeof(Elf64_Phdr) to determine the final elfcorehdr memory buffer/
144	  segment size.
145	  The value 8192, for example, covers a (sparsely populated) 1TiB system
146	  consisting of 128MiB memblocks, while resulting in an elfcorehdr
147	  memory buffer/segment size under 1MiB. This represents a sane choice
148	  to accommodate both baremetal and virtual machine configurations.
149
150	  For the kexec_load() syscall path, CRASH_MAX_MEMORY_RANGES is part of
151	  the computation behind the value provided through the
152	  /sys/kernel/crash_elfcorehdr_size attribute.
153
154endmenu
155