(In reply to Gary Ching-Pang Lin from comment #25) > keyutils provides some handy functions. I can search the > .builtin_trusted_keys keyring with find_key_by_type_and_desc() and match the > built-in key with keyctl_search() and keyctl_read_alloc(). Shouldn't be too > hard to integrate the kernel keyring into mokutil. It turned out that the trusted keyring is not searchable and dumpable, so both keyctl_search() and keyctl_read_alloc() don't not work. It's only possible to iterate the descriptions of keys and match "X509v3 Subject Key Identifier".