Comment # 5 on bug 1195118 from 
I did the following test installation on an UEFI machine and a virtual machine
with secure boot enabled. The results are identical:
I installed a KDE desktop. The package openSUSE-signkey-cert is installed
automatically. After the installation completes and the machine reboots, there
is no request to enroll the key present in openSUSE-signkey-cert and the
command:
  mokutil --test-key /etc/uefi/certs/BDD31A9E-kmp.crt
returns:
  /etc/uefi/certs/BDD31A9E-kmp.crt is not enrolled
At this point you have to run:
  mokutil --import /etc/uefi/certs/BDD31A9E-kmp.crt --root-pw
or
  zypper in --force openSUSE-signkey-cert
then reboot and enroll the key.

The release notes (section 4.1) are somehow incorrect:
they assume that you have to manually install openSUSE-signkey-cert and after
the reboot enroll the key. 
If I see that openSUSE-signkey-cert is already installed, I assume
(incorrectly) that there is nothing more to do.
If nothing else changes, at least the release notes should be updated.

You are receiving this mail because: