https://bugzilla.suse.com/show_bug.cgi?id=1195118 https://bugzilla.suse.com/show_bug.cgi?id=1195118#c31 Ancor Gonzalez Sosa <ancor@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mchang@suse.com Flags| |needinfo?(mchang@suse.com) --- Comment #31 from Ancor Gonzalez Sosa <ancor@suse.com> --- (In reply to Takashi Iwai from comment #27)

I'm afraid that firstboot won't work either, because the MOK deployment is required before rebooting. It's a stuff for GRUB/shim, after all.

Which makes me think we may consider to fix it in the Grub2 side. Like making sure Grub always imports the missing keys during grub_install or any other of its steps/scripts.

Is there any hook the installer itself runs after packaging installation and root passwd setup?

I keep working on finding such a hook that could be used by the openSUSE-signjey-cert package (no clear candidate so far). I will update the bug at the end of today with my findings. But meanwhile I would like to add Michal Chang to NEEDINFO for him to check how feasible would be to implement a fix in the Grub2 side. Grub2 is installed from the chrooted (target) system at the very end of the installation process when the root password and everything else is already available. -- You are receiving this mail because: You are on the CC list for the bug.