https://bugzilla.suse.com/show_bug.cgi?id=1173682
https://bugzilla.suse.com/show_bug.cgi?id=1173682#c19
--- Comment #19 from Martin Wilck
> Sorry to step in again, but if it would be possible in Packman e.g., why shouldn't that be possible in the existing NVidia repo too?
I can't answer that, because I have zero knowledge about how that repo is maintained. In the past I worked for a company that shipped (other) proprietary drivers in KMP format, properly signed with the company's own key. So I guess if NVidia was willing to do this and spend the necessary effort, they could. NVidia would be powerful enough to even push their key to the major vendors' BIOS.

Let's get this straight:

- After years of fighting and hassle, NVidia still ships the proprietary driver and AFAIK has no intention to cease doing that.
- SB is becoming more and more ubiquitous, and SB + unsigned modules is a general problem, not only on openSUSE but on every Linux distro.
- SUSE and the openSUSE community have done a great deal of work to make packaging and installing the drivers hassle-free for users. That's work that NVidia should have done but chose rather not to.
- Now with secure boot and CONFIG_MODULE_SIG=y, the problem gets a new dimension that the community can't easily solve. It's a catch-22.
- Eventually it's NVidia's problem and only NVidia can solve it "for good", either by open-sourcing the driver or by packaging and shipping properly signed driver modules.
> Well, breaking user systems like this is not what I do understand about "closing the leap gap", sorry.
Again, "breaking systems" is not the intention. The intention is to minimize differences, and that includes of course important basic kernel security settings like that. By doing this, we bring Leap to a similar security level as SLE.