From: Coiby Xu
[ Upstream commit 0d519cadf75184a24313568e7f489a7fc9b1be3b ]
Currently, when loading a kernel image via the kexec_file_load() system
call, arm64 can only use the .builtin_trusted_keys keyring to verify
a signature whereas x86 can use three more keyrings i.e.
.secondary_trusted_key
On Tue, Sep 06, 2022 at 03:05:57PM +0200, Ard Biesheuvel wrote:
>
> While I appreciate the effort that has gone into solving this problem,
> I don't think there is any consensus that an elaborate fix is required
> to ensure that the crash kernel can be unmapped from the linear map at
> all cost. I
