Hi,
On 06/12/2018 06:03 AM, Dave Young wrote:
Fedora bug
https://bugzilla.redhat.com/show_bug.cgi?id=1470995
With Fedora kernels on Secure Boot enabled machine kexec_file_load
fails because kernel can not use any keys other than kernel builtin
keyring. verify_pefile_signature() requires caller to pass 1UL as
the keyring pointer to use other keyring.
Posted a fix in upstream, but no response for long time. Thus going
with a Fedora fix same as what the module code does.
Latest upstream effort:
https://www.spinics.net/lists/kernel/msg2825184.html
I've added it to Rawhide, F28, and F27.
Thanks,
Jeremy