On Mon, Mar 06, 2023 at 07:23:31AM +0100, Jiri Slaby wrote: u> Note that I'm not much in favor of this "functionality". BUt it's the way it
is. We (open/SUSE) are required to have this so that MS will sign our shim.
Highlighting for Stefan (sorry, looks like you are going to have some bug reports ...)
Thanks for letting me know! Yeah, it's the first time I hear about this. :-(
I explicitly asked in bug 1198101 (which is still closed to public, unfortunately) "What happens to nvidia modules" and I received: === Nvidia RPM created a one-time when local building and enroll the public key to MOK. So it doesn't have problem. ===
Unfortunately this has been a wrong assumption. It is what we do with Leap for quite some time [1], but not for TW, because we don't want to confuse our users with the appearance of MokManager after each kernel update when booting the machine. For the future I think it would be a good idea to ask the right persons [2] directly instead of relying on some educated guess by another developer. Anyway, I changed this now for TW to sign the modules also there. Update of the nVidia repository is triggered and should be available in the next days. CU, Stefan [1] since we suddenly added the lockdown patches for Leap 15.2; again without letting me know beforehand :-( [2] me doing this nVidia packaging since 2005; you may know/hate me for doing this meanwhile ... Public Key available ------------------------------------------------------ Stefan Dirsch (Res. & Dev.) SUSE Software Solutions Germany GmbH Tel: 0911-740 53 0 Frankenstraße 146 FAX: 0911-740 53 479 D-90461 Nürnberg http://www.suse.de Germany ---------------------------------------------------------------- Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman (HRB 36809, AG Nürnberg) ----------------------------------------------------------------