Currently old kexec syscall denies unloading a kernel if secureboot is enabled.
I think this is not right behavior and should be changed. But for now, use
new syscall if secureboot is enabled and that allows unloading kernel.
Signed-off-by: Vivek Goyal <vgoyal(a)redhat.com>
---
kdumpctl | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/kdumpctl b/kdumpctl
index bb98225..9403d61 100755
--- a/kdumpctl
+++ b/kdumpctl
@@ -826,7 +826,12 @@ stop_fadump()
stop_kdump()
{
- $KEXEC -p -u
+ if is_secure_boot_enforced; then
+ $KEXEC -s -p -u
+ else
+ $KEXEC -p -u
+ fi
+
if [ $? != 0 ]; then
echo "kexec: failed to unload kdump kernel"
return 1
--
1.9.0