* Ard Biesheuvel <ard.biesheu...@linaro.org> wrote:

> No. It is the firmware's EFI code, and the virtual translation applied by the
> OS is made known to the firmware by means of a call into the runtime service
> SetVirtualAddressMap(). This service can only be called once after each boot,
> and so kexec kernels are forced to use the same VA mapping for runtime
> services as the first kernel. This is the whole point of having a VA region
> reserved for this, so that kexec kernels are guaranteed to be able to use the
> same VA mapping.

Yes, but it's the kernel's EFI code that determines the area! So my
suggestion:

> > Preserving virtual addresses for kexec is a red herring: the randomized
> > offset could be passed to the kexec-ed kernel just fine.

Would solve the kexec problem, right?

I.e. the first kernel that boots randomizes the address range - and passes
that offset off to any subsequent kernels.

Turning KASLR off actively degrades that randomization of the kernel virtual
addresses.

Am I missing anything?

Thanks,

	Ingo