Comment # 26 on bug 1173115 from Gary Ching-Pang Lin

(In reply to Gary Ching-Pang Lin from comment #25)
> keyutils provides some handy functions. I can search the
> .builtin_trusted_keys keyring with find_key_by_type_and_desc() and match the
> built-in key with keyctl_search() and keyctl_read_alloc(). Shouldn't be too
> hard to integrate the kernel keyring into mokutil.

It turned out that the trusted keyring is not searchable and dumpable, so both
keyctl_search() and keyctl_read_alloc() don't not work. It's only possible to
iterate the descriptions of keys and match "X509v3 Subject Key Identifier".