Hello, apparently modules are verified by keys from 'secondary' keyring on all platforms. If you happen to know that it's this particular keyring, and know how to list keyrings recursively you can find the keys that are used for verifying modules. However, for kexec we have - primary keyring on aarch64 - platform keyring on s390 - secondary AND platform keyring on x86 How is a user supposed to know which keys are used for kexec image verification? There is an implicit keyring that is ad-hoc constructed by the code that does the kexec verification but there is no key list observable from userspace that corresponds to this ad-hoc keyring only known to the kexec code. Can the kernel make the information which keys are used for what purpose available to the user? Thanks Michal
