From: Dave Young Fix kexec_file_load pefile signature verification Similar with Fix-for-module-sig-verification.patch, kexec_file syscall also need pass 1UL to verify_pefile_signature so that secondary keys can be used. Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=1470995 Latest upstream effort is below: https://www.spinics.net/lists/kernel/msg2825184.html Ideally this need an upstream fix, but since nobody response we can workaround it like the module code did. Signed-off-by: Dave Young --- arch/x86/kernel/kexec-bzimage64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- linux-x86.orig/arch/x86/kernel/kexec-bzimage64.c +++ linux-x86/arch/x86/kernel/kexec-bzimage64.c @@ -533,7 +533,7 @@ static int bzImage64_cleanup(void *loade static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len) { return verify_pefile_signature(kernel, kernel_len, - NULL, + (void *)1UL, VERIFYING_KEXEC_PE_SIGNATURE); } #endif -- 2.17.0