1 # SPDX-License-Identifier: GPL-2.0-only
3 menu "Kexec and crash features"
19 bool "Enable kexec system call"
20 depends on ARCH_SUPPORTS_KEXEC
23 kexec is a system call that implements the ability to shutdown your
24 current kernel, and to start another kernel. It is like a reboot
25 but it is independent of the system firmware. And like a reboot
26 you can start any kernel with it, not just Linux.
28 The name comes from the similarity to the exec system call.
30 It is an ongoing process to be certain the hardware in a machine
31 is properly shutdown, so do not be surprised if this code does not
32 initially work for you. As of this writing the exact hardware
33 interface is strongly in flux, so no good recommendation can be
37 bool "Enable kexec file based system call"
38 depends on ARCH_SUPPORTS_KEXEC_FILE
41 This is new version of kexec system call. This system call is
42 file based and takes file descriptors as system call argument
43 for kernel and initramfs as opposed to list of segments as
44 accepted by kexec system call.
47 bool "Verify kernel signature during kexec_file_load() syscall"
48 depends on ARCH_SUPPORTS_KEXEC_SIG
51 This option makes the kexec_file_load() syscall check for a valid
52 signature of the kernel image. The image can still be loaded without
53 a valid signature unless you also enable KEXEC_SIG_FORCE, though if
54 there's a signature that we can check, then it must be valid.
56 In addition to this option, you need to enable signature
57 verification for the corresponding kernel image type being
58 loaded in order for this to work.
60 config KEXEC_SIG_FORCE
61 bool "Require a valid signature in kexec_file_load() syscall"
62 depends on ARCH_SUPPORTS_KEXEC_SIG_FORCE
65 This option makes kernel signature verification mandatory for
66 the kexec_file_load() syscall.
68 config KEXEC_IMAGE_VERIFY_SIG
69 bool "Enable Image signature verification support (ARM)"
70 default ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG
71 depends on ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG
73 depends on EFI && SIGNED_PE_FILE_VERIFICATION
75 Enable Image signature verification support.
77 config KEXEC_BZIMAGE_VERIFY_SIG
78 bool "Enable bzImage signature verification support"
79 depends on ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
81 depends on SIGNED_PE_FILE_VERIFICATION
82 select SYSTEM_TRUSTED_KEYRING
84 Enable bzImage signature verification support.
88 depends on ARCH_SUPPORTS_KEXEC_JUMP
89 depends on KEXEC && HIBERNATION
91 Jump between original kernel and kexeced kernel and invoke
92 code in physical address mode via KEXEC
95 bool "kernel crash dumps"
96 depends on ARCH_SUPPORTS_CRASH_DUMP
97 depends on ARCH_SUPPORTS_KEXEC
102 Generate crash dump after being started by kexec.
103 This should be normally only set in special crash dump kernels
104 which are loaded in the main kernel with kexec-tools into
105 a specially reserved region and then later executed after
106 a crash by kdump/kexec. The crash dump kernel must be compiled
107 to a memory address not used by the main kernel or BIOS using
108 PHYSICAL_START, or it must be built as a relocatable image
109 (CONFIG_RELOCATABLE=y).
110 For more details see Documentation/admin-guide/kdump/kdump.rst
112 For s390, this option also enables zfcpdump.
113 See also <file:Documentation/s390/zfcpdump.rst>
116 bool "Update the crash elfcorehdr on system configuration changes"
118 depends on CRASH_DUMP && (HOTPLUG_CPU || MEMORY_HOTPLUG)
119 depends on ARCH_SUPPORTS_CRASH_HOTPLUG
121 Enable direct update to the crash elfcorehdr (which contains
122 the list of CPUs and memory regions to be dumped upon a crash)
123 in response to hot plug/unplug or online/offline of CPUs or
124 memory. This is a much more advanced approach than userspace
129 config CRASH_MAX_MEMORY_RANGES
130 int "Specify the maximum number of memory regions for the elfcorehdr"
132 depends on CRASH_HOTPLUG
134 For the kexec_file_load() syscall path, specify the maximum number of
135 memory regions that the elfcorehdr buffer/segment can accommodate.
136 These regions are obtained via walk_system_ram_res(); eg. the
137 'System RAM' entries in /proc/iomem.
138 This value is combined with NR_CPUS_DEFAULT and multiplied by
139 sizeof(Elf64_Phdr) to determine the final elfcorehdr memory buffer/
141 The value 8192, for example, covers a (sparsely populated) 1TiB system
142 consisting of 128MiB memblocks, while resulting in an elfcorehdr
143 memory buffer/segment size under 1MiB. This represents a sane choice
144 to accommodate both baremetal and virtual machine configurations.
146 For the kexec_load() syscall path, CRASH_MAX_MEMORY_RANGES is part of
147 the computation behind the value provided through the
148 /sys/kernel/crash_elfcorehdr_size attribute.