powerpc: update kdumpctl to remove deletion of kernel signing key once loaded

Resolves: https://issues.redhat.com/browse/RHEL-14002
Upstream: Fedora
Conflict: There are changes on format

commit fe6eb30e67
Author: Nayna Jain <nayna@linux.ibm.com>
Date:   Tue Oct 3 23:41:46 2023 -0400

    powerpc: update kdumpctl to remove deletion of kernel signing key once loaded

    Kernel signing key is deleted once kdump is loaded. This causes confusion in
    debugging since key is no longer visible. Unless someone knows how
    kdumpctl script works, it is difficult to find out how kdump could be
    loaded when there is no key on .ima keyring.

    Remove deletion of kernel signing key once loaded. And then to prevent
    multiple loading of same key when kdump service is disabled/enabled, update
    key description field as well.

    Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
    Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
    Reviewed-by: Philipp Rudo <prudo@redhat.com>

Signed-off-by: Coiby Xu <coxu@redhat.com>

kdumpctl

@@ -653,20 +653,7 @@ function load_kdump_kernel_key()
                 return
         fi
 
-        KDUMP_KEY_ID=$(cat /usr/share/doc/kernel-keys/$KDUMP_KERNELVER/kernel-signing-ppc.cer |
-                        keyctl padd asymmetric kernelkey-$RANDOM %:.ima)
-}
-
-# remove a previously loaded key. There's no real security implication
-# to leaving it around, we choose to do this because it makes it easier
-# to be idempotent and so as to reduce the potential for confusion.
-function remove_kdump_kernel_key()
-{
-	if [ -z "$KDUMP_KEY_ID" ]; then
-		return
-	fi
-
-	keyctl unlink $KDUMP_KEY_ID %:.ima
+	keyctl padd asymmetric "" %:.ima < "/usr/share/doc/kernel-keys/$KDUMP_KERNELVER/kernel-signing-ppc.cer"
 }
 
 # Load the kdump kernel specified in /etc/sysconfig/kdump
@@ -708,9 +695,7 @@ load_kdump()
 	set +x
 	exec 2>&12 12>&-
 
-	remove_kdump_kernel_key
-
-	if [ $ret == 0 ]; then
+	if [[ $ret == 0 ]]; then
 		dinfo "kexec: loaded kdump kernel"
 		return 0
 	else