Thanks, disabling Secure Boot did it, as expected. This is acceptable for just testing new kernels temporarily. Just for reference, a few weeks ago I was able to load kernel 5.5rc1 from Kernel:HEAD without having to disable Secure Boot. Current kernels from Kernel:HEAD exhibit the same behavior than Kernel:Stable, requiring Secure Boot to be disabled. I did not try to enroll the key as I am really not familiar with that stuff. On 1/13/20 12:09 PM, Dominique Leuenberger / DimStar wrote:
On Mon, 2020-01-13 at 11:48 +0100, Michael Pujos wrote:
I wanted to try newer kernels in the Kernel:/stable repo (currently 5.4.10) but booting them result in a lockup at "Kernel loading...". Not even initrd is loading. Is this due to this new singnig key handling thing I am not familiar with ? Is there anything I can do to have this working ? The kernel in kernel:/stable does not use the same signing key as what is shipped in Tumbleweed (the proper signing key is only applied when it's in the product). So the new key can't be a reason for that problem in this case.
Nevertheless, I think the signing is still an issue here: since the kernel in :/stable is not signed with the openSUSE Key (which in turn is signed by the openSUSE CA) your UEFI/Secureboot likely never enrolled the keys. IIRC, you should see a mokmanager during boot up, where you should be able to enroll a new key (or in worst case, try to disable secureboot in the UEFI setting for a test)
Cheers, Dominique
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org