
Crate kexec_loader

§kexec-loader

Safe wrapper around kexec_file_load(2) for boot handoff on Linux. Loads a kernel + initrd + cmdline into the running kernel’s reserved kexec memory region and invokes reboot(LINUX_REBOOT_CMD_KEXEC) to jump into it — all without going through BIOS/UEFI or the bootloader a second time.

Part of the aegis-boot rescue environment — a signed-chain UEFI Secure Boot stick that boots any ISO.

§Scope

Only kexec_file_load(2) is supported. The classic kexec_load(2) is intentionally not exposed:

  • It is blocked under lockdown=integrity (which aegis-boot requires for its SB-enforced handoff).
  • It has no upstream signature-verification story — KEXEC_SIG only applies to kexec_file_load.

See ADR 0001 in the parent project for the Secure Boot rationale.

§Platform support

Target              | Behavior
target_os = "linux" | Functional — calls kexec_file_load(2) via libc
Any other target    | Compiles; every public fn returns KexecError::Unsupported

Non-Linux builds compile cleanly so downstream workspaces stay portable.

§Safety

One narrowly-scoped unsafe block: the syscall invocation itself. Inputs are rigorously validated before the syscall — paths are canonicalized and must exist as regular files, cmdline is NUL-terminated and length-checked. See the module docs for the full invariant list.
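The pre-syscall validation described above, written out as an added, stand-alone example. This is not the crate's code: the `validate` function, the `ValidationError` and `ValidatedRequest` names, and the 2048-byte cmdline bound (chosen to mirror x86 `COMMAND_LINE_SIZE`) are all assumptions. It shows why the three invariants matter: canonicalizing pins the checked object so a later `open(2)` cannot be redirected through a symlink, the regular-file check keeps devices and directories out of the kernel's image loader, and the `CString` guarantees the trailing NUL that the kernel requires as the last byte of `cmdline`.

```rust
use std::ffi::CString;
use std::path::{Path, PathBuf};

/// Upper bound on the NUL-terminated cmdline handed to the kernel.
/// Assumption: 2048 mirrors x86 COMMAND_LINE_SIZE; the real crate may differ.
pub const MAX_CMDLINE_LEN: usize = 2048;

/// Failure modes of the validation step (hypothetical names, not the crate's KexecError).
#[derive(Debug, PartialEq, Eq)]
pub enum ValidationError {
    /// The path could not be canonicalized (missing, dangling symlink, EACCES, ...).
    Unresolvable(PathBuf),
    /// The path resolved to something other than a regular file (directory, device, FIFO).
    NotRegularFile(PathBuf),
    /// The cmdline contains an interior NUL byte, so it cannot be a C string.
    CmdlineContainsNul,
    /// The NUL-terminated cmdline exceeds MAX_CMDLINE_LEN bytes.
    CmdlineTooLong(usize),
}

/// A request whose invariants have been checked; only this type would be handed
/// to the single unsafe syscall wrapper.
#[derive(Debug, PartialEq, Eq)]
pub struct ValidatedRequest {
    pub kernel: PathBuf,
    pub initrd: Option<PathBuf>,
    /// Includes the trailing NUL. Pass `cmdline.as_bytes_with_nul().len()` as
    /// `cmdline_len`: the kernel rejects a cmdline whose last byte is not NUL.
    pub cmdline: CString,
}

/// Resolve symlinks and `..` components, then insist on a regular file.
/// Canonicalizing first means the later open(2) names the same object that was
/// checked here, not whatever a symlink points at after the check.
fn canonical_regular_file(p: &Path) -> Result<PathBuf, ValidationError> {
    let canon = std::fs::canonicalize(p)
        .map_err(|_| ValidationError::Unresolvable(p.to_path_buf()))?;
    // canonicalize() already followed symlinks, so metadata() describes the final target.
    let meta = std::fs::metadata(&canon)
        .map_err(|_| ValidationError::Unresolvable(canon.clone()))?;
    if !meta.is_file() {
        return Err(ValidationError::NotRegularFile(canon));
    }
    Ok(canon)
}

/// Validate the cmdline and the kernel/initrd paths before any syscall is attempted.
pub fn validate(
    kernel: &Path,
    initrd: Option<&Path>,
    cmdline: &str,
) -> Result<ValidatedRequest, ValidationError> {
    // Cheapest, purely in-memory check first: CString::new rejects interior NULs
    // and appends the terminator for us.
    let cmdline = CString::new(cmdline).map_err(|_| ValidationError::CmdlineContainsNul)?;
    let len = cmdline.as_bytes_with_nul().len();
    if len > MAX_CMDLINE_LEN {
        return Err(ValidationError::CmdlineTooLong(len));
    }
    let kernel = canonical_regular_file(kernel)?;
    let initrd = match initrd {
        Some(p) => Some(canonical_regular_file(p)?),
        None => None,
    };
    Ok(ValidatedRequest { kernel, initrd, cmdline })
}

fn main() {
    // Exercise the rejection paths against something that exists on every system
    // (the temp directory) without touching a real kernel image.
    let tmp = std::env::temp_dir(); // a directory, so it must be rejected as a kernel
    println!("{:?}", validate(&tmp, None, "quiet"));
    println!("{:?}", validate(&tmp, None, "root=LABEL=RESCUE\0quiet"));
    println!("{:?}", validate(&tmp, None, &"x".repeat(MAX_CMDLINE_LEN)));
}
```

The returned `ValidatedRequest` is the only thing a syscall wrapper should accept; keeping the unvalidated `&str`/`&Path` inputs out of the unsafe block is what lets that block's invariant list stay short.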

§Usage

// Illustrative shape only — the real API surface (field names,
// error types, Result shape) is documented inline on the
// `load_and_exec` item below.
use kexec_loader::{load_and_exec, KexecError, KexecRequest};
use std::path::Path;

fn boot_rescue() -> Result<(), KexecError> {
    let req = KexecRequest {
        kernel: Path::new("/run/media/aegis-isos/live/vmlinuz"),
        initrd: Path::new("/run/media/aegis-isos/live/initrd.gz"),
        cmdline: "root=LABEL=RESCUE quiet",
    };
    // Validates the request, calls kexec_file_load(2), then
    // reboot(LINUX_REBOOT_CMD_KEXEC). Does not return on success —
    // the running kernel is replaced. The `?` propagates any KexecError.
    load_and_exec(&req)?;
    Ok(())
}

See the API docs for the full surface.

§Status

Pre-1.0. API is settling through real-hardware validation on the parent project’s test fleet. Publishing to crates.io at 1.0. Until then, consume via the aegis-boot workspace.

§License

Licensed under either of Apache-2.0 or MIT at your option.


§Rust API

Safe wrapper around kexec_file_load(2) for the aegis-boot rescue TUI.

§Scope

Only the file-descriptor-based kexec_file_load(2) syscall is supported. The classic kexec_load(2) is intentionally not exposed:

  • It is blocked under lockdown=integrity (which we require).
  • It has no upstream signature-verification story — KEXEC_SIG only applies to kexec_file_load.

See ADR 0001 for the Secure Boot rationale.

§Safety

This crate opts into unsafe narrowly (see [syscall] module) to invoke kexec_file_load(2) and reboot(2). Every unsafe block documents its invariant. The rest of the workspace is unsafe_code = forbid.

Structs§

KexecRequest
Parameters for a kexec_file_load invocation.

Enums§

KexecError
Errors returned while preparing or invoking kexec.

Functions§

classify_errno
Classify a raw errno from kexec_file_load(2) into KexecError.
load_and_exec
Load the requested kernel via kexec_file_load(2) and immediately trigger reboot(LINUX_REBOOT_CMD_KEXEC).
load_dry
Load the requested kernel via kexec_file_load(2) without triggering the subsequent reboot.
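An added sketch of what an errno classifier like `classify_errno` has to distinguish, written as stand-alone code rather than taken from the crate. The errno numbers are the asm-generic values Linux uses on the common architectures; the `KexecFailure` enum, its variant names and the `interpret_libc_return`/`remediation` helpers are assumptions. The two cases worth separating for an operator are `EPERM` (no `CAP_SYS_BOOT`, or lockdown refusing the image) and `EKEYREJECTED` (the `KEXEC_SIG` signature check itself failed), because they call for different fixes even though both mean "the kernel would not take the image".

```rust
/// Linux errno values from asm-generic/errno.h (assumed for the targets aegis-boot builds).
pub const EPERM: i32 = 1;
pub const ENOEXEC: i32 = 8;
pub const EBADF: i32 = 9;
pub const ENOMEM: i32 = 12;
pub const EBUSY: i32 = 16;
pub const EINVAL: i32 = 22;
pub const ENOSYS: i32 = 38;
pub const EKEYREJECTED: i32 = 129;

/// Hypothetical taxonomy modelled on the page's KexecError; names are assumptions.
#[derive(Debug, PartialEq, Eq)]
pub enum KexecFailure {
    /// EPERM: caller lacks CAP_SYS_BOOT, or lockdown refused the image
    /// (e.g. an unsigned kernel under lockdown=integrity).
    NotPermitted,
    /// EKEYREJECTED: KEXEC_SIG verification of the image failed.
    SignatureRejected,
    /// ENOEXEC: no in-kernel loader accepted the image format.
    BadImage,
    /// EINVAL: bad flags, or a cmdline whose last byte is not NUL.
    InvalidArgument,
    /// EBADF: kernel_fd or initrd_fd is not an open descriptor.
    BadFileDescriptor,
    /// ENOMEM: not enough memory to stage the segments.
    OutOfMemory,
    /// EBUSY: another kexec load is already in progress.
    Busy,
    /// ENOSYS: running kernel was built without CONFIG_KEXEC_FILE.
    Unsupported,
    /// Anything else, kept raw so it is not silently lost.
    Other(i32),
}

/// Map a raw errno from kexec_file_load(2) into the taxonomy above.
pub fn classify_errno(errno: i32) -> KexecFailure {
    match errno {
        EPERM => KexecFailure::NotPermitted,
        EKEYREJECTED => KexecFailure::SignatureRejected,
        ENOEXEC => KexecFailure::BadImage,
        EINVAL => KexecFailure::InvalidArgument,
        EBADF => KexecFailure::BadFileDescriptor,
        ENOMEM => KexecFailure::OutOfMemory,
        EBUSY => KexecFailure::Busy,
        ENOSYS => KexecFailure::Unsupported,
        other => KexecFailure::Other(other),
    }
}

/// Interpret a libc-style return value: -1 means "consult errno", anything else is success.
/// (A raw syscall would instead return -errno directly; this helper is for the libc path.)
pub fn interpret_libc_return(ret: i64, errno: i32) -> Result<(), KexecFailure> {
    if ret == -1 {
        Err(classify_errno(errno))
    } else {
        Ok(())
    }
}

/// Operator-facing hint. Only the permission, signature and availability cases need
/// real guidance; the rest are ordinary programming or resource errors.
pub fn remediation(f: &KexecFailure) -> &'static str {
    match f {
        KexecFailure::NotPermitted => {
            "needs CAP_SYS_BOOT; under lockdown=integrity the image must carry a signature the kernel trusts"
        }
        KexecFailure::SignatureRejected => {
            "KEXEC_SIG verification failed: re-sign the kernel with an enrolled key or check the trust chain"
        }
        KexecFailure::Unsupported => {
            "kernel lacks CONFIG_KEXEC_FILE; kexec_load(2) is not a fallback under lockdown"
        }
        KexecFailure::BadImage => "no in-kernel loader accepted the image format",
        KexecFailure::InvalidArgument => "check the flags and that cmdline_len covers the trailing NUL",
        _ => "local or transient error; see the raw errno",
    }
}

fn main() {
    // Constructed errno values standing in for a failed syscall; nothing is executed here.
    for errno in [EPERM, EKEYREJECTED, ENOSYS, EINVAL, 200] {
        let f = classify_errno(errno);
        println!("errno {errno:>3} -> {f:?}: {}", remediation(&f));
    }
}
```

Keeping `Other(i32)` rather than collapsing unknown values into a generic variant preserves the raw errno in logs, which is what you want when a new kernel release starts returning something this table does not know.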