kexec (kernel execute), analogous to the Unix/Linux kernel call exec, is a mechanism of the Linux kernel that allows booting of a new kernel from the currently running one.
Essentially, kexec skips the bootloader stage and hardware initialization phase performed by the system firmware ( BIOS or UEFI), and directly loads the new kernel into main memory and starts executing it immediately. This avoids the long times associated with a full reboot, and can help systems to meet high-availability requirements by minimizing downtime. [1] [2]
While feasible, implementing a mechanism such as kexec raises two major challenges:
Support for allowing only signed kernels to be booted through kexec was merged into version 3.17 of the Linux kernel mainline, which was released on October 5, 2014. [3] This disallows a root user to load arbitrary code via kexec and execute it, complementing the UEFI secure boot and in-kernel security mechanisms for ensuring that only signed Linux kernel modules can be inserted into the running kernel. [4] [5] [6]
Kexec is used by LinuxBoot to boot the main kernel from the Linux kernel located in the firmware.
kexec (kernel execute), analogous to the Unix/Linux kernel call exec, is a mechanism of the Linux kernel that allows booting of a new kernel from the currently running one.
Essentially, kexec skips the bootloader stage and hardware initialization phase performed by the system firmware ( BIOS or UEFI), and directly loads the new kernel into main memory and starts executing it immediately. This avoids the long times associated with a full reboot, and can help systems to meet high-availability requirements by minimizing downtime. [1] [2]
While feasible, implementing a mechanism such as kexec raises two major challenges:
Support for allowing only signed kernels to be booted through kexec was merged into version 3.17 of the Linux kernel mainline, which was released on October 5, 2014. [3] This disallows a root user to load arbitrary code via kexec and execute it, complementing the UEFI secure boot and in-kernel security mechanisms for ensuring that only signed Linux kernel modules can be inserted into the running kernel. [4] [5] [6]
Kexec is used by LinuxBoot to boot the main kernel from the Linux kernel located in the firmware.