I don't know if it's a problem. Do we use the same signing certificates on Leap as on SLE nowadays? I mean if Leap uses the grub2 from SLE it will be signed by the SUSE one rather than the openSUSE one, right? In that case same SBAT values would be fine of course.