-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-09-01 18:38, Neil Rickert wrote:
On Mon, 01 Sep 2014 09:52:02 +0200 Ludwig Nussel <> wrote:
If we don't want to wait for MS, a machine with secure boot enabled may not boot Factory. One has to either disable secure boot or import the openSUSE CA into the UEFI firmware. So we can take a conscious decision here and define a policy.
I would consider importing the opensuse CA into the firmware, if I knew how. I cannot find a place to do that in the BIOS settings on either of my UEFI boxes.
I found some references: https://en.opensuse.org/openSUSE:UEFI which mentions that is is done with something called "mokutil". http://en.altlinux.org/UEFI_SecureBoot_mini-HOWTO https://www.suse.com/releasenotes/x86_64/SUSE-SLES/12/ https://www.suse.com/LinuxPackages/packageRouter.jsp?product=server&version=11&service_pack=sp3&architecture=x86_64&package_name=mokutil http://software.opensuse.org/package/mokutil?search_term=mokutil This program provides the means to enroll and erase the machine owner keys (MOK) stored in the database of shim. man page: http://linuxmanpages.net/manpages/fedora19/man1/mokutil.1.html I have not located an opensuse page that explains how to do it. Only on the first link, where it says that the utility was broken on 12.3 and that some UEFI implementations might offer a boot menu option to do it. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlQE38YACgkQtTMYHG2NR9WxdACfSPh13IKYPNfLlAuc6IONAYg4 rUwAnRH8Lt2/DIlZP0AailSZSKJXYpo6 =nbNi -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org