(In reply to Joey Lee from comment #23) > (In reply to Kilian Hanich from comment #22) > > (In reply to Joey Lee from comment #20) > > > How about change the kernel scripts? To avoid the "255" return value to > > > expose: > > > > > > suse-module-tools/kernel-scriptlets/cert-script > > > ... > > > # XXX: Only call mokutil if UEFI and shim are used > > > for cert in $certs; do > > > cert="/etc/uefi/certs/${cert}.crt" > > > run_mokutil --import "$cert" --root-pw ${MOK_ARGS} > > > rc=$? > > > if [ $rc != 0 ] ; then > > > script_rc=$rc # hide 255 here? > > > echo "Failed to import $cert" >&2 > > > fi > > > done > > > > I'd do it like this: > > > > # XXX: Only call mokutil if UEFI and shim are used and if efivarfs is > > mounted readable > > mount | grep efivarfs | grep -E '\(.*,?ro,?.*\)' > > if [ $? == 0 ] ; then > > for cert in $certs; do > > cert="/etc/uefi/certs/${cert}.crt" > > run_mokutil --import "$cert" --root-pw ${MOK_ARGS} > > rc=$? > > if [ $rc != 0 ] ; then > > script_rc=$rc > > echo "Failed to import $cert" >&2 > > fi > > done > > fi > > I agree. > > Will you send the change to > https://github.com/openSUSE/suse-module-tools.git ? Sure, but I will try this first locally if it works in practice.