On 7/31/21 12:47 PM, Andrei Borzenkov wrote:
On 31.07.2021 19:58, Larry Finger wrote:
Hi,
We are still fighting the problem described in boo#1188475. Systems with secure boot enabled and upgraded from Leap 15.2 to Leap 15.3 cannot load the VirtualBox modules.
In Leap 15.2, all modules are signed with "openSUSE Secure Boot CA" and all is well, but in Leap 15.3, the VB modules are signed with "openSUSE Secure Boot CA" as in Leap 15.2, but the standard modules are signed with "SUSE Linux Enterprise Secure Boot CA." Using 'mokutil -l', only the latter key is present.
At present, the only work-around that I can suggest is to disable secure boot, which is hardly a fix. Reinstalling the shim package or installing "openSUSE-signkey-cert" do not help.
Can someone with expertise in these keys suggest a way to add "openSUSE Secure Boot CA" to the list of keys, or how to re-sign the VB modules with "SUSE Linux Enterprise Secure Boot CA"? I have read the documentation on signing modules, but I still do not understand how to do these operations.
https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/message/...
Unfortunately, that does not tell me how to instruct the users with this problem how to fix their systems. Larry