diff --git a/kdumpctl b/kdumpctl
index abcdffd..aef3875 100755
--- a/kdumpctl
+++ b/kdumpctl
@@ -500,6 +500,43 @@ selinux_relabel()
 done
 }
 
+# Check if secure boot is being enforced.
+#
+# Per Peter Jones, we need check efivar SecureBoot-$(the UUID) and
+# SetupMode-$(the UUID), they are both 5 bytes binary data. The first four
+# bytes are the attributes associated with the variable and can safely be
+# ignored, the last bytes are one-byte true-or-false variables. If SecureBoot
+# is 1 and SetupMode is 0, then secure boot is being enforced.
+#
+# Assume efivars is mounted at /sys/firmware/efi/efivars.
+function is_secure_boot_enforced()
+{
+ local secure_boot_file setup_mode_file
+ local secure_boot_byte setup_mode_byte
+
+ secure_boot_file=$(find /sys/firmware/efi/efivars -name SecureBoot-* 2>/dev/null)
+ setup_mode_file=$(find /sys/firmware/efi/efivars -name SetupMode-* 2>/dev/null)
+
+ if [ -f "$secure_boot_file" ] && [ -f "$setup_mode_file" ]; then
+ secure_boot_byte=$(hexdump -v -e '/1 "%d\ "' $secure_boot_file|cut -d' ' -f 5)
+ setup_mode_byte=$(hexdump -v -e '/1 "%d\ "' $setup_mode_file|cut -d' ' -f 5)
+
+ if [ "$secure_boot_byte" = "1" ] && [ "$setup_mode_byte" = "0" ]; then
+ return 0
+ fi
+ fi
+
+ return 1
+}
+
+function check_kdump_feasibility()
+{
+ if is_secure_boot_enforced; then
+ echo "Secure Boot is Enabled. Kdump service can't be started. Disable Secure Boot and retry"
+ return 1;
+ fi
+}
+
 function start()
 {
 check_config
@@ -517,6 +554,12 @@ function start()
 return 1
 fi
 
+ check_kdump_feasibility
+ if [ $? -ne 0 ]; then
+ echo "Starting kdump: [FAILED]"
+ return 1
+ fi
+
 status
 rc=$?
 if [ $rc == 2 ]; then
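Review bot: The `-name SecureBoot-*` and `-name SetupMode-*` patterns in is_secure_boot_enforced are unquoted, so the shell expands them against the current directory before find runs whenever a matching file exists there; quote them, e.g. `-name 'SecureBoot-*'`. The function also fails open: if efivars is not mounted at the assumed path, or find prints more than one match, the `[ -f "$secure_boot_file" ]` test is false and the function returns 1 ("not enforced") without any message. Quoting the hexdump operands (`"$secure_boot_file"`, `"$setup_mode_file"`) and, if only the EFI global variables are meant, testing the exact names under the global-variable GUID `8be4df61-93ca-11d2-aa0d-00e098032b8c` instead of a wildcard would remove the multi-match case. In check_kdump_feasibility the message tells the operator to disable Secure Boot without saying why kdump cannot run; a one-line reason in the message or a comment would help, and the `;` after `return 1` can go.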
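Review bot: The bare `check_kdump_feasibility` call followed by `if [ $? -ne 0 ]; then` in start() is better written as `if ! check_kdump_feasibility; then`, which keeps the status test attached to the call so a line inserted between the two later cannot silently change what `$?` refers to. The check is also placed after `check_config` and the earlier step whose `return 1` / `fi` appear as context, although as far as this hunk shows it does not depend on them; running it first would report the Secure Boot condition before any other work is done. start() begins and ends outside this hunk, so the ordering should be confirmed against the full function.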