Hi All, The testing repo is published http://download.opensuse.org/repositories/home:/michael-chang:/bsc954126/standard/ Here is step to test: 1. zypper ar --repo http://download.opensuse.org/repositories/home:/michael-chang:/bsc954126/standard/home:michael-chang:bsc954126.repo 2. zypper dup -r home_michael-chang_bsc954126 3. mokutil --import /usr/lib64/efi/grub.der 4. Input password to be used in MokManager for enrolling keys later 5. mokutil --list-new # To check your enrolled key in step 3 is successful 6. Reboot 7. You should see MokManager UI (ncurses like) and from that selecting "Enroll MOK", type the password in step4 and system will reboot again. 8. Enable "Secure Boot" 9. Test 10. If it doe not work, boot to the system and run "mokutil --list-enrolled" to check that keys are enrolled correctly by step7. PS. I also tested with shim 0.9, but did not have the verification problem issue in comment#15. I still like to know the result as my testing was done by a bootmgfw.efi downloaded from internet, not by a real shipped one. And some post processing like strip it's existing certificate which seems not work, and resign the image with self-signed certificate. Thanks.