-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
rhel-10.2
-
None
-
Important
-
rhel-kernel-debug
-
0
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
None
What were you trying to do that didn't work?
kdump fails to load crashkernel when UKI is used.
Besides the SELinux policy issue we saw before (RHEL-116041), there's a signature validation failure that blocks kdump load.
[ 69.735084] PEFILE: Digest mismatch [ 69.735681] kexec_file: Enforced kernel signature verification failed (-129). # kdumpctl reload kdump: Kdump was not running: [WARNING] kdump: kexec: unloaded kdump kernel kdump: Stopping kdump: [OK] kdump: Secure Boot is enabled. Using kexec file based syscall. kexec_file_load failed: Key was rejected by service kdump: kexec: failed to load kdump kernel kdump: Starting kdump: [FAILED]
This issue does not reproduce on RHEL 9.
Secure Boot is enabled. UKI is signed by SB 504. The issue persists after `setenforce 0`.
Please provide the package NVR for which bug is seen:
kernel 6.12.0-150.el10.x86_64
kdump-utils-1.0.58-1.el10
How reproducible:
Always
Steps to reproduce
- kdump reload
Expected results
Actual results
kdump service is not running.