+ struct boot_task *task = data;
+ int rc = -1;
+
+ if (task->cancelled) {
+ cleanup_cancellations(task, result);
+ return;
+ }
+
+ if (load_pending(task->image) ||
+ load_pending(task->initrd) ||
+ load_pending(task->dtb))
+ return;
+
+ if (check_load(task, "kernel image", task->image) ||
+ check_load(task, "initrd", task->initrd) ||
+ check_load(task, "dtb", task->dtb))
+ goto no_load;
+
+ if (task->verify_signature) {
+ if (load_pending(task->image_signature) ||
+ load_pending(task->initrd_signature) ||
+ load_pending(task->dtb_signature) ||
+ load_pending(task->cmdline_signature))
+ return;
+ }
+ if (task->decrypt_files) {
+ if (load_pending(task->cmdline_signature))
+ return;
+ }
+
+ if (task->verify_signature) {
+ if (check_load(task, "kernel image signature",
+ task->image_signature) ||
+ check_load(task, "initrd signature",
+ task->initrd_signature) ||
+ check_load(task, "dtb signature",
+ task->dtb_signature) ||
+ check_load(task, "command line signature",
+ task->cmdline_signature))
+ goto no_sig_load;
+ }
+ if (task->decrypt_files) {
+ if (load_pending(task->cmdline_signature))
+ return;
+
+ if (check_load(task, "command line signature",
+ task->cmdline_signature))
+ goto no_decrypt_sig_load;
+ }
+
+ /* we make a copy of the local paths, as the boot hooks might update
+ * and/or create these */
+ task->local_image = task->image ? task->image->local : NULL;
+ task->local_initrd = task->initrd ? task->initrd->local : NULL;
+ task->local_dtb = task->dtb ? task->dtb->local : NULL;
+
+ if (task->verify_signature) {
+ task->local_image_signature = task->image_signature ?
+ task->image_signature->local : NULL;
+ task->local_initrd_signature = task->initrd_signature ?
+ task->initrd_signature->local : NULL;
+ task->local_dtb_signature = task->dtb_signature ?
+ task->dtb_signature->local : NULL;
+ }
+ if (task->verify_signature || task->decrypt_files) {
+ task->local_cmdline_signature = task->cmdline_signature ?
+ task->cmdline_signature->local : NULL;
+ }
+
+ run_boot_hooks(task);
+
+ update_status(task->status_fn, task->status_arg, STATUS_INFO,
+ _("Performing kexec load"));
+
+ rc = kexec_load(task);
+ pb_log("%s: kexec_load returned %d\n", __func__, rc);
+ if (rc == KEXEC_LOAD_DECRYPTION_FALURE) {
+ update_status(task->status_fn, task->status_arg,
+ STATUS_ERROR, _("Decryption failed"));
+ }
+ else if (rc == KEXEC_LOAD_SIGNATURE_FAILURE) {
+ update_status(task->status_fn, task->status_arg,
+ STATUS_ERROR,
+ _("Signature verification failed"));
+ }
+ else if (rc == KEXEC_LOAD_SIG_SETUP_INVALID) {
+ update_status(task->status_fn, task->status_arg,
+ STATUS_ERROR,
+ _("Invalid signature configuration"));
+ }
+
+no_sig_load:
+ cleanup_load(task->image_signature);
+ cleanup_load(task->initrd_signature);
+ cleanup_load(task->dtb_signature);
+
+no_decrypt_sig_load:
+ cleanup_load(task->cmdline_signature);
+
+no_load:
+ cleanup_load(task->image);
+ cleanup_load(task->initrd);
+ cleanup_load(task->dtb);
+
+ if (!rc) {
+ update_status(task->status_fn, task->status_arg,
+ STATUS_INFO, _("Performing kexec reboot"));
+
+ rc = kexec_reboot(task);
+ if (rc) {
+ update_status(task->status_fn, task->status_arg,
+ STATUS_ERROR,
+ _("kexec reboot failed"));
+ }
+ }
+}
+
+static int start_url_load(struct boot_task *task, const char *name,
+ struct pb_url *url, struct load_url_result **result)
+{
+ if (!url)
+ return 0;
+
+ *result = load_url_async(task, url, boot_process, task, NULL,
+ task->status_arg);
+ if (!*result) {
+ update_status(task->status_fn, task->status_arg,
+ STATUS_ERROR, _("Error loading %s"), name);
+ return -1;
+ }
+ return 0;
+}
+
+struct boot_task *boot(void *ctx, struct discover_boot_option *opt,
+ struct boot_command *cmd, int dry_run,
+ boot_status_fn status_fn, void *status_arg)
+{
+ struct pb_url *image = NULL, *initrd = NULL, *dtb = NULL;
+ struct pb_url *image_sig = NULL, *initrd_sig = NULL, *dtb_sig = NULL,
+ *cmdline_sig = NULL;
+ const struct config *config = config_get();