Hi Baoquan,
On Mon, Mar 21, 2022 at 12:24:59PM +0800, Baoquan He wrote:
Hi Coiby,
On 03/18/22 at 05:40pm, Coiby Xu wrote:
This patch set allows arm64 to use more system keyrings to verify kdump
kernel image signature by making the existing code in x64 public.
Could you tell more about why arm64 need use more system keyrings to
verify kdump kernel iamge signature?
What problem have you encountered to make you want to do this?
Thanks for raising this question! Currently, a problem faced by arm64 is
if a kernel image is signed by a MOK key, this kernel image would be
rejected with the error "Lockdown: kexec: kexec of unsigned images is
restricted; see man kernel_lockdown.7". I'll improve the cover letter
and the 3rd commit message to have this info.
Thanks
Baoquan
--
Best regards,
Coiby
_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec
