From 8d4db658fd04b8aebfea968b10e6111a3f41f2bf Mon Sep 17 00:00:00 2001 From: Kairui Song Date: Fri, 10 May 2019 15:11:26 +0800 Subject: [PATCH] kexec-kdump-howto.txt: Add document about encrypted targets Currently kdump is not working well with encrypted targets, add document about this issue. Signed-off-by: Kairui Song Acked-by: Dave Young --- kexec-kdump-howto.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/kexec-kdump-howto.txt b/kexec-kdump-howto.txt index fa01a3d..7e9e58a 100644 --- a/kexec-kdump-howto.txt +++ b/kexec-kdump-howto.txt @@ -684,6 +684,20 @@ a machine with a disk image which have kdump initramfs embedded, you should rebuild the initramfs using "kdumpctl rebuild" command manually, or else kdump may not work as expeceted. +Notes on encrypted dump target: + +Currently, kdump is not working well with encrypted dump target. +First, user have to give the password manually in capture kernel, +so a working interactive terminal is required in the capture kernel. +And another major issue is that an OOM problem will occur with certain +encryption setup. For example, the default setup for LUKS2 will use a +memory hard key derivation function to mitigate brute force attach, +it's impossible to reduce the memory usage for mounting the encrypted +target. In such case, you have to either reserved enough memory for +crash kernel according, or update your encryption setup. +It's recommanded to use a non-encrypted target (eg. remote target) +instead. + Parallel Dumping Operation ========================== Kexec allows kdump using multiple cpus. So parallel feature can accelerate