Comment 17 for bug 1869672

Hi yamato, thank you! Good news, this time the fix is working and I was able to kdump in my secureboot system. So, I'll move on and change title/component/description of this LP to proceed with the SRU - I hope next kernel (after 4.15.0-97) will have the fix =)

In order to test the kernel, you must follow the below procedures (as root user):
[I assume you don't have the proposed pocket enabled in your system, if so please disable it before testing]

add-apt-repository ppa:gpiccoli/test1869672-2
apt-get update
apt-get install linux-image-4.15.0-97-generic linux-modules-4.15.0-97-generic linux-modules-extra-4.15.0-97-generic

Then, get the file: http://ppa.launchpad.net/gpiccoli/test1869672-2/ubuntu/dists/bionic/main/signed/linux-amd64/4.15.0-97.98+TEST0000000v20200423b3/signed.tar.gz

Extract it and you'll see a file uefi.crt in "control/" folder. You can use the following command to extract its .DER key:

openssl x509 -in uefi.crt -outform der -out cert.der

Finally, I'm running "mokutil --import cert.der" to enroll the certificate on shim. After that, you must reboot and you firmware should present you a MOK utility to enroll the key (OVMF does, I need to access through serial console when booting).

With all these steps, I was able to test successfully the kernel, and produced a kernel dump.
Cheers,

Guilherme