mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-28 11:18:45 +07:00
f3b70e5094
This patch provides kexec_file_ops for "Image"-format kernel. In this
implementation, a binary is always loaded with a fixed offset identified
in text_offset field of its header.
Regarding signature verification for trusted boot, this patch doesn't
contains CONFIG_KEXEC_VERIFY_SIG support, which is to be added later
in this series, but file-attribute-based verification is still a viable
option by enabling IMA security subsystem.
You can sign(label) a to-be-kexec'ed kernel image on target file system
with:
$ evmctl ima_sign --key /path/to/private_key.pem Image
On live system, you must have IMA enforced with, at least, the following
security policy:
"appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig"
See more details about IMA here:
https://sourceforge.net/p/linux-ima/wiki/Home/
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Reviewed-by: James Morse <james.morse@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
70 lines
2.6 KiB
Makefile
70 lines
2.6 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Makefile for the linux kernel.
|
|
#
|
|
|
|
CPPFLAGS_vmlinux.lds := -DTEXT_OFFSET=$(TEXT_OFFSET)
|
|
AFLAGS_head.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
|
|
CFLAGS_armv8_deprecated.o := -I$(src)
|
|
|
|
CFLAGS_REMOVE_ftrace.o = -pg
|
|
CFLAGS_REMOVE_insn.o = -pg
|
|
CFLAGS_REMOVE_return_address.o = -pg
|
|
|
|
# Object file lists.
|
|
arm64-obj-y := debug-monitors.o entry.o irq.o fpsimd.o \
|
|
entry-fpsimd.o process.o ptrace.o setup.o signal.o \
|
|
sys.o stacktrace.o time.o traps.o io.o vdso.o \
|
|
hyp-stub.o psci.o cpu_ops.o insn.o \
|
|
return_address.o cpuinfo.o cpu_errata.o \
|
|
cpufeature.o alternative.o cacheinfo.o \
|
|
smp.o smp_spin_table.o topology.o smccc-call.o \
|
|
syscall.o
|
|
|
|
extra-$(CONFIG_EFI) := efi-entry.o
|
|
|
|
OBJCOPYFLAGS := --prefix-symbols=__efistub_
|
|
$(obj)/%.stub.o: $(obj)/%.o FORCE
|
|
$(call if_changed,objcopy)
|
|
|
|
arm64-obj-$(CONFIG_COMPAT) += sys32.o kuser32.o signal32.o \
|
|
sys_compat.o
|
|
arm64-obj-$(CONFIG_FUNCTION_TRACER) += ftrace.o entry-ftrace.o
|
|
arm64-obj-$(CONFIG_MODULES) += arm64ksyms.o module.o
|
|
arm64-obj-$(CONFIG_ARM64_MODULE_PLTS) += module-plts.o
|
|
arm64-obj-$(CONFIG_PERF_EVENTS) += perf_regs.o perf_callchain.o
|
|
arm64-obj-$(CONFIG_HW_PERF_EVENTS) += perf_event.o
|
|
arm64-obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o
|
|
arm64-obj-$(CONFIG_CPU_PM) += sleep.o suspend.o
|
|
arm64-obj-$(CONFIG_CPU_IDLE) += cpuidle.o
|
|
arm64-obj-$(CONFIG_JUMP_LABEL) += jump_label.o
|
|
arm64-obj-$(CONFIG_KGDB) += kgdb.o
|
|
arm64-obj-$(CONFIG_EFI) += efi.o efi-entry.stub.o \
|
|
efi-rt-wrapper.o
|
|
arm64-obj-$(CONFIG_PCI) += pci.o
|
|
arm64-obj-$(CONFIG_ARMV8_DEPRECATED) += armv8_deprecated.o
|
|
arm64-obj-$(CONFIG_ACPI) += acpi.o
|
|
arm64-obj-$(CONFIG_ACPI_NUMA) += acpi_numa.o
|
|
arm64-obj-$(CONFIG_ARM64_ACPI_PARKING_PROTOCOL) += acpi_parking_protocol.o
|
|
arm64-obj-$(CONFIG_PARAVIRT) += paravirt.o
|
|
arm64-obj-$(CONFIG_RANDOMIZE_BASE) += kaslr.o
|
|
arm64-obj-$(CONFIG_HIBERNATION) += hibernate.o hibernate-asm.o
|
|
arm64-obj-$(CONFIG_KEXEC_CORE) += machine_kexec.o relocate_kernel.o \
|
|
cpu-reset.o
|
|
arm64-obj-$(CONFIG_KEXEC_FILE) += machine_kexec_file.o kexec_image.o
|
|
arm64-obj-$(CONFIG_ARM64_RELOC_TEST) += arm64-reloc-test.o
|
|
arm64-reloc-test-y := reloc_test_core.o reloc_test_syms.o
|
|
arm64-obj-$(CONFIG_CRASH_DUMP) += crash_dump.o
|
|
arm64-obj-$(CONFIG_CRASH_CORE) += crash_core.o
|
|
arm64-obj-$(CONFIG_ARM_SDE_INTERFACE) += sdei.o
|
|
arm64-obj-$(CONFIG_ARM64_SSBD) += ssbd.o
|
|
|
|
obj-y += $(arm64-obj-y) vdso/ probes/
|
|
obj-m += $(arm64-obj-m)
|
|
head-y := head.o
|
|
extra-y += $(head-y) vmlinux.lds
|
|
|
|
ifeq ($(CONFIG_DEBUG_EFI),y)
|
|
AFLAGS_head.o += -DVMLINUX_PATH="\"$(realpath $(objtree)/vmlinux)\""
|
|
endif
|