# SPDX-License-Identifier: GPL-2.0-only menu "Kexec and crash features" config CRASH_CORE bool config KEXEC_CORE select CRASH_CORE bool config KEXEC_ELF bool config HAVE_IMA_KEXEC bool config KEXEC bool "Enable kexec system call" depends on ARCH_SUPPORTS_KEXEC select KEXEC_CORE help kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot but it is independent of the system firmware. And like a reboot you can start any kernel with it, not just Linux. The name comes from the similarity to the exec system call. It is an ongoing process to be certain the hardware in a machine is properly shutdown, so do not be surprised if this code does not initially work for you. As of this writing the exact hardware interface is strongly in flux, so no good recommendation can be made. config KEXEC_FILE bool "Enable kexec file based system call" depends on ARCH_SUPPORTS_KEXEC_FILE select KEXEC_CORE help This is new version of kexec system call. This system call is file based and takes file descriptors as system call argument for kernel and initramfs as opposed to list of segments as accepted by kexec system call. config KEXEC_SIG bool "Verify kernel signature during kexec_file_load() syscall" depends on ARCH_SUPPORTS_KEXEC_SIG depends on KEXEC_FILE help This option makes the kexec_file_load() syscall check for a valid signature of the kernel image. The image can still be loaded without a valid signature unless you also enable KEXEC_SIG_FORCE, though if there's a signature that we can check, then it must be valid. In addition to this option, you need to enable signature verification for the corresponding kernel image type being loaded in order for this to work. config KEXEC_SIG_FORCE bool "Require a valid signature in kexec_file_load() syscall" depends on ARCH_SUPPORTS_KEXEC_SIG_FORCE depends on KEXEC_SIG help This option makes kernel signature verification mandatory for the kexec_file_load() syscall. config KEXEC_IMAGE_VERIFY_SIG bool "Enable Image signature verification support (ARM)" default ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG depends on ARCH_SUPPORTS_KEXEC_IMAGE_VERIFY_SIG depends on KEXEC_SIG depends on EFI && SIGNED_PE_FILE_VERIFICATION help Enable Image signature verification support. config KEXEC_BZIMAGE_VERIFY_SIG bool "Enable bzImage signature verification support" depends on ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG depends on KEXEC_SIG depends on SIGNED_PE_FILE_VERIFICATION select SYSTEM_TRUSTED_KEYRING help Enable bzImage signature verification support. config KEXEC_JUMP bool "kexec jump" depends on ARCH_SUPPORTS_KEXEC_JUMP depends on KEXEC && HIBERNATION help Jump between original kernel and kexeced kernel and invoke code in physical address mode via KEXEC config CRASH_DUMP bool "kernel crash dumps" depends on ARCH_SUPPORTS_CRASH_DUMP depends on ARCH_SUPPORTS_KEXEC select CRASH_CORE select KEXEC_CORE select KEXEC help Generate crash dump after being started by kexec. This should be normally only set in special crash dump kernels which are loaded in the main kernel with kexec-tools into a specially reserved region and then later executed after a crash by kdump/kexec. The crash dump kernel must be compiled to a memory address not used by the main kernel or BIOS using PHYSICAL_START, or it must be built as a relocatable image (CONFIG_RELOCATABLE=y). For more details see Documentation/admin-guide/kdump/kdump.rst For s390, this option also enables zfcpdump. See also endmenu