powerpc: update kdumpctl to remove deletion of kernel signing key once loaded

Resolves: https://issues.redhat.com/browse/RHEL-14003
Upstream: Fedora
Conflict: None

commit fe6eb30e6756d3c13bb7485a08f066b18cd1594b
Author: Nayna Jain <nayna@linux.ibm.com>
Date:   Tue Oct 3 23:41:46 2023 -0400

    powerpc: update kdumpctl to remove deletion of kernel signing key once loaded

    Kernel signing key is deleted once kdump is loaded. This causes confusion in
    debugging since key is no longer visible. Unless someone knows how
    kdumpctl script works, it is difficult to find out how kdump could be
    loaded when there is no key on .ima keyring.

    Remove deletion of kernel signing key once loaded. And then to prevent
    multiple loading of same key when kdump service is disabled/enabled, update
    key description field as well.

    Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
    Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
    Reviewed-by: Philipp Rudo <prudo@redhat.com>

Signed-off-by: Coiby Xu <coxu@redhat.com>
Coiby Xu 2023-10-18 14:53:29 +08:00 committed by Tao Liu
parent 4920367607
commit b3263494ef
1 changed files with 1 additions and 15 deletions

@ -637,19 +637,7 @@ function load_kdump_kernel_key()
return
fi
KDUMP_KEY_ID=$(keyctl padd asymmetric kernelkey-$RANDOM %:.ima < "/usr/share/doc/kernel-keys/$KDUMP_KERNELVER/kernel-signing-ppc.cer")
}
# remove a previously loaded key. There's no real security implication
# to leaving it around, we choose to do this because it makes it easier
# to be idempotent and so as to reduce the potential for confusion.
function remove_kdump_kernel_key()
{
if [[ -z $KDUMP_KEY_ID ]]; then
return
fi
keyctl unlink "$KDUMP_KEY_ID" %:.ima
keyctl padd asymmetric "" %:.ima < "/usr/share/doc/kernel-keys/$KDUMP_KERNELVER/kernel-signing-ppc.cer"
}
# Load the kdump kernel specified in /etc/sysconfig/kdump
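Review bot: the replacement line `keyctl padd asymmetric "" %:.ima < ".../kernel-signing-ppc.cer"` in load_kdump_kernel_key has no comment explaining the empty description, and the comment block removed with remove_kdump_kernel_key was the only in-code note about idempotency. Please add a short comment above it saying the empty description is deliberate, so that disabling and re-enabling the kdump service does not load the same key again, as the commit message states. The exit status of keyctl is also unchecked on this line, so a missing certificate file or a rejected add passes silently; consider testing the return value and logging on failure.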
@ -702,8 +690,6 @@ load_kdump()
set +x
exec 2>&12 12>&-
remove_kdump_kernel_key
if [[ $ret == 0 ]]; then
dinfo "kexec: loaded kdump kernel"
return 0
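Review bot: with the `remove_kdump_kernel_key` call dropped after `exec 2>&12 12>&-` and the function definition deleted in the previous hunk, please confirm that no other caller of remove_kdump_kernel_key and no other reader of KDUMP_KEY_ID remains in kdumpctl, since a stale call would now fail as an unknown command. The key also now stays on the .ima keyring after load_kdump returns, which is a user-visible change; a line in the kdump documentation noting that the key is expected to remain there would serve the debugging goal the commit message describes.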