(In reply to Joey Lee from comment #44) > (In reply to dziobian from comment #42) > > I built and installed the updated nvidia-driver-G06-kmp-default and it did > > not work for me. I noticed you've added some stuff using mokutil. I do not > > use shim for booting, instead have dracut configured to produce signed .efi > > images containing kernel + initramfs (the `uefi_secureboot_cert` option) > > > > Is there anything i can do (most likely add something to `kernel_cmdline`) > > to make this work in such a setup? > > > > (Disabling signature enforcement in kernel would be fine for me, as the > > initramfs is signed while the system drive is under FDE) > > Without shim which means without MOK, the only way is rebuild kernel and put > the public key of nvidia-driver-G06-kmp-default to kernel. > > Or disable secure boot. Another approach, maybe we can try to enable CONFIG_SYSTEM_EXTRA_CERTIFICATE in openSUSE Tumbleweed kernel. As I remember, it will reserve a space for user to enroll public key to the space, then user needs to re-sign kernel by him self. So user doesn't need to re-compiler kernel to embedded public key.