schemas: chosen: add dmcryptkeys property #181
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Linux kernel has introduced the CONFIG_CRASH_DM_CRYPT feature to support LUKS-encrypted device dump target by addressing two challenges [1][2], - Kdump kernel may not be able to decrypt the LUKS partition. For some machines, a system administrator may not have a chance to enter the password to decrypt the device in kdump initramfs after the 1st kernel crashes - LUKS2 by default use the memory-hard Argon2 key derivation function which is quite memory-consuming compared to the limited memory reserved for kdump. To also enable this feature for ARM64, we only need to add device tree property dmcryptkeys as similar to elfcorehdr to pass the memory address of the stored info of dm-crypt keys to the kdump kernel. [1] https://lore.kernel.org/all/20250502011246.99238-1-coxu@redhat.com/ [2] Write the dump file to encrypted disk volume, Linux/Documentation/admin-guide/kdump/kdump.rst Signed-off-by: Coiby Xu <coxu@redhat.com>
intel-lab-lkp
pushed a commit
to intel-lab-lkp/linux
that referenced
this pull request
Jan 6, 2026
CONFIG_CRASH_DM_CRYPT has been introduced to support LUKS-encrypted device dump target by addressing two challenges [1], - Kdump kernel may not be able to decrypt the LUKS partition. For some machines, a system administrator may not have a chance to enter the password to decrypt the device in kdump initramfs after the 1st kernel crashes - LUKS2 by default use the memory-hard Argon2 key derivation function which is quite memory-consuming compared to the limited memory reserved for kdump. To also enable this feature for ARM64, we only need to add device tree property dmcryptkeys [2] as similar to elfcorehdr to pass the memory address of the stored info of dm-crypt keys to the kdump kernel. [1] https://lore.kernel.org/all/20250502011246.99238-1-coxu@redhat.com/ [2] devicetree-org/dt-schema#181 Cc: Arnaud Lefebvre <arnaud.lefebvre@clever-cloud.com> Cc: Baoquan he <bhe@redhat.com> Cc: Dave Young <dyoung@redhat.com> Cc: Kairui Song <ryncsn@gmail.com> Cc: Pingfan Liu <kernelfans@gmail.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Krzysztof Kozlowski <krzk@kernel.org> Signed-off-by: Coiby Xu <coxu@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Linux kernel has introduced the CONFIG_CRASH_DM_CRYPT feature to support LUKS-encrypted device dump target by addressing two challenges [1][2],
Kdump kernel may not be able to decrypt the LUKS partition. For some machines, a system administrator may not have a chance to enter the password to decrypt the device in kdump initramfs after the 1st kernel crashes
LUKS2 by default use the memory-hard Argon2 key derivation function which is quite memory-consuming compared to the limited memory reserved for kdump.
To also enable this feature for ARM64, we only need to add device tree property dmcryptkeys as similar to elfcorehdr to pass the memory address of the stored info of dm-crypt keys to the kdump kernel.
[1] https://lore.kernel.org/all/20250502011246.99238-1-coxu@redhat.com/
[2] "Write the dump file to encrypted disk volume", Linux/Documentation/admin-guide/kdump/kdump.rst
Linux kernel patch:
V1: https://lore.kernel.org/all/20251226141116.1379601-1-coxu@redhat.com/