[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/2] x86/kexec: Implement crash kexec for Secure Boot

  • To: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Kevin Lampis <kevin.lampis@xxxxxxxxxx>
  • Date: Tue, 2 Jun 2026 17:49:09 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0Ao1A6TazqD3HAiyLKxm5Y6bvkJFT56da5zfk2wbE6g=; b=Krflo0yrzjUVULWIUuKpH/xLYGbH38jVH1Bw/EBrjKMYNsrcI3FrjOxJIU2nyElplen2vjWURKTvNRfCQ4RwEmIREWzrbSU1D5SQzwMcf27vh72fBSVPKgO9+GszhWechHeL/P1D29yNx4daezefK3tESeL2B1CkT3u9eReDmI6/1VlBlcUV+bM1nVKR/QBQ8eRIGd2CCo3cQb5eKJPPvXpHJenZytUztV6lLWhZ2Z0Qcxlic224FZ2o6b2zFR1/eChFdyVKQ6rDxKY4fxXqVLCm5vEBKb1HaXKBJtNu121vhLffKNzpjS0Gk7IxF6ohKoCjfhlEa84qdgWQ8+TVww==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=W5Ry7R6ulYVOKWroGYUGWdsrrL8Cd68eUSlsMOAB8D0axnjP11s6IV2SJ6AknDfSI1ihWEgtBXwWrAcShdfHh4ng3mRdPwgsTwC/97kYjJpPOlxpXY6Xt4J4klc5zL+YFZlDCbarWJLq2J/mG1u1mfxW022lTwW9bVmAiDqUAvd8ypwdIQTY+1JdLWrGezz0nH4JCHp79Rc9aZOj2uaMZ968xs6rc5i4IJrrhCW722ttvITDVwOdkMnK7QIi1ERlXY3d3+Ef6mRyKRrp0m3YSna3+xn/x6UUeQSLIJcOhJqQ9a1/3FEAesmq6RPP6GYhSSkf6eBAGVZMYZpncdmugg==
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: jbeulich@xxxxxxxx, andrew.cooper3@xxxxxxxxxx, roger.pau@xxxxxxxxxx, Kevin Lampis <kevin.lampis@xxxxxxxxxx>
  • Delivery-date: Tue, 02 Jun 2026 16:49:12 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
This replaces the previous series
[PATCH v2 0/4] Allows Secure Boot for Kexec
https://lore.kernel.org/xen-devel/20250507094253.10395-1-freddy77@xxxxxxxxx/

The main feedback last time was that almost all the purgatory code could
be removed.
- The digest check is now done in machine_kexec() instead of purgatory
- GPRs are cleared in kexec_reloc.S which shouldn't affect non-EFI kexec

Kevin Lampis (1):
  x86: Implement crash kexec for EFI

Ross Lagerwall (1):
  Add lockdown mode

 xen/arch/x86/bzimage.c                   |  40 +---
 xen/arch/x86/include/asm/machine_kexec.h |   2 +-
 xen/arch/x86/machine_kexec.c             |  10 +-
 xen/arch/x86/setup.c                     |   1 +
 xen/arch/x86/x86_64/kexec_reloc.S        |  16 ++
 xen/common/Kconfig                       |   8 +
 xen/common/Makefile                      |   1 +
 xen/common/kernel.c                      |   4 +
 xen/common/kexec.c                       |  41 +++-
 xen/common/kimage.c                      | 264 +++++++++++++++++++----
 xen/common/lockdown.c                    |  56 +++++
 xen/include/public/kexec.h               |  23 +-
 xen/include/xen/kimage.h                 |  23 +-
 xen/include/xen/lockdown.h               |   9 +
 xen/include/xen/x86-linux.h              |  62 ++++++
 15 files changed, 460 insertions(+), 100 deletions(-)
 create mode 100644 xen/common/lockdown.c
 create mode 100644 xen/include/xen/lockdown.h
 create mode 100644 xen/include/xen/x86-linux.h

-- 
2.52.0

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.