Hi Michal, Here are the results from my pc # cat /proc/keys | grep machine 34c6a369 I------ 1 perm 1f0b0000 0 0 keyring .machine: empty # keyctl show 0x34c6a369 Keyring 885433193 ---lswrv 0 0 keyring: .machine So what is that telling us ? I just heard that the old kernel allowed secondary mok keys - the 6.2 does not permit secondary mok keys so it would not allow user signed modules. If that is true it would seem to mean that would mean that only modules in the repos that suse signed would be able to load, unless a person resorts to compiling their own kernel which I definitely do not want to do. Is there a kernel option for 6.2 that allows secure boot with validation but permits secondary keys? If so, that seems like the best scenario, Secure Boot can be enabled with validation, but users can sign and load their own modules. Is that a possibility ? Joe