On 06/12/2018 06:03 AM, Dave Young wrote:
With Fedora kernels on Secure Boot enabled machine kexec_file_load
fails because kernel can not use any keys other than kernel builtin
keyring. verify_pefile_signature() requires caller to pass 1UL as
the keyring pointer to use other keyring.
Posted a fix in upstream, but no response for long time. Thus going
with a Fedora fix same as what the module code does.
Latest upstream effort:
I've added it to Rawhide, F28, and F27.