Comment # 45 on bug 1208939 from
(In reply to Joey Lee from comment #44)
> (In reply to dziobian from comment #42)
> > I built and installed the updated nvidia-driver-G06-kmp-default and it did
> > not work for me. I noticed you've added some stuff using mokutil. I do not
> > use shim for booting, instead have dracut configured to produce signed .efi
> > images containing kernel + initramfs (the `uefi_secureboot_cert` option)
> > 
> > Is there anything I can do (most likely add something to `kernel_cmdline`)
> > to make this work in such a setup?
> > 
> > (Disabling signature enforcement in kernel would be fine for me, as the
> > initramfs is signed while the system drive is under FDE)
> 
> Without shim, which means without MOK, the only way is to rebuild the kernel
> and put the public key of nvidia-driver-G06-kmp-default into the kernel.
> 
> Or disable secure boot.

Another approach: maybe we can try to enable CONFIG_SYSTEM_EXTRA_CERTIFICATE in
the openSUSE Tumbleweed kernel. As I remember, it will reserve a space into
which the user can enroll a public key; the user then needs to re-sign the
kernel himself. So the user doesn't need to recompile the kernel to embed the
public key.

