[18.10 FEAT] Enable kexec_file_load system call - kexec-tools part
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
High
|
Canonical Kernel Team | ||
kexec-tools (Ubuntu) |
Fix Released
|
Undecided
|
Skipper Bug Screeners |
Bug Description
FeatureFreeze Exception (FFE):
=======
Reason, rationale and benefits:
-------
The feature is based on the combination of two tickets:
- 1783088
this ticket for the kernel part was just created for completeness reasons
this part of the functionality automatically came with kernel 4.17
hence this LP ticket is 'Fix Released'
- 1783086
this is the 'user space' part of the functionality that should be addressed by the FFE
There was a little confusion if this belongs to the FeatureFreeze or KernelFreeze.
Since it's a package maintained by the kernel team the misconception came up that it is not affected by the Feature, but by the Kernel Freeze,
hence it was not processed in time and information was missing.
Without this patch the (new) "--kexec-
And the customer/partner needs to wait for the next d* release (means for several month).
This FFE now asks if the single commit (below) can be added to the kexec-tools (Ubuntu) of cosmic:
Description:
------------
commit d4a948c268272cf
Author: Philipp Rudo <email address hidden>
Date: Wed May 16 14:27:18 2018 +0200
kexec/s390: Add support for kexec_file_load
Since kernel 4.17-rc2 s390 supports the kexec_file_load system call.
Add the new system call to kexec-tools and provide the -s (--kexec-
Impact / Risk:
--------------
Since the function / option is new and for s390(x) the risk is pretty low.
There are no APIs expected to break or existing functions that are expected to fail while introducing this.
Package dependencies will not change, nor the install/upgrade behaviour after this got added.
Testing of the code, test builds and verification was already done by IBM.
(see comment # 4)
_______
Provide a capability to load signed kernels. I.e. to boot signed kernels
- from a Linux based boot loader or initial boot image
- as required for secure/trusted boot mechanisms
- for kdump kernels
Function consist of 2 contributions
- kernel 4.17 (available)
- kexec-tools (currently not available)
tags: | added: architecture-s39064 bugnameltc-169877 severity-high targetmilestone-inin1810 |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → kexec-tools (Ubuntu) |
Changed in ubuntu-z-systems: | |
status: | New → Incomplete |
importance: | Undecided → High |
Changed in linux (Ubuntu): | |
status: | New → Fix Committed |
no longer affects: | linux (Ubuntu) |
Changed in ubuntu-z-systems: | |
assignee: | nobody → Canonical Kernel Team (canonical-kernel-team) |
status: | Incomplete → Triaged |
information type: | Private → Public |
description: | updated |
Changed in ubuntu-z-systems: | |
status: | Triaged → New |
tags: | added: featurefreezeexception ffe |
Changed in ubuntu-z-systems: | |
status: | New → Confirmed |
Changed in kexec-tools (Ubuntu): | |
status: | Confirmed → Triaged |
Changed in kexec-tools (Ubuntu): | |
status: | Triaged → Fix Committed |
Changed in ubuntu-z-systems: | |
status: | Confirmed → Fix Committed |
Changed in ubuntu-z-systems: | |
status: | Fix Committed → Fix Released |
kexec-tools is probably not the only/typical kexec utility these days. systemd provides kexec capability too. Has it been evaluated if any changes to systemd's kexec ability are required?
e.g. $ sudo systemctl kexec
Also given the related kernel patches, should we start looking into providing linux-signed kernels for s390x?