https://bugzilla.suse.com/show_bug.cgi?id=1212811 Bug ID: 1212811 Summary: MokManager wants to remove needed cert Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kernel Assignee: kernel-bugs@opensuse.org Reporter: nwr10cst-oslnx@yahoo.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0 Build Identifier: I'm currently using a kernel from Kernel:/stable:/Backport/standard/ (as explained in bug 1212808 ). Yesterday, I decided to update that kernel (from 6.3.9-lp154.2.1.g0df701d to 6.4.0-lp154.2.1.gd68cda5). To do this: I enabled the repo I used Yast software management I told it to install the newer kernel and remove the older one I then disabled the repo once again On reboot, I got a MokManager blue screen wanting to remove the cert that had been added for the older kernel. This seems a mistake, since it is still needed for the newer kernel. As best I can tell, Yast first removed the older kernel and that generated a request to remove the cert. It then installed the newer kernel, but because the cert was already loaded it did not generate a request to add the cert. (When I next update this kernel, I'll make sure to install the new kernel first, and then remove the old kernel afterwards to avoid this issue). Yes, I could have left it to the purge-kernels service to remove the old. But that would have instead removed the standard Leap 15.5 kernel, and I wanted to avoid that. Reproducible: Didn't try -- You are receiving this mail because: You are on the CC list for the bug.