On 04. 03. 23, 11:58, Stefan Dirsch wrote:
On Fri, Mar 03, 2023 at 08:11:42PM -0600, Tejas Guruswamy wrote:
On 02/03/2023 01:22, Jiri Slaby wrote:
Hi all,
just so you know, as per bug 1198101, the kernel for Tumbleweed received patchset for locked down kernel (see the bug). This will be a part of the 6.2.1 submission (SR#1068171).
Few notes: * Hibernation does not work when secure boot is enabled (bug 1208766) * Leap inherited/contains this patchset long from SLE time ago.
regards,
This needed a lot more warning; Tumbleweed does not have signed NVIDIA kernel modules at the moment, only Leap. There are going to be a lot of people with broken displays.
Trust me, if there is any widespread problem, I will revert the patchset from TW instantly. And let them retry later, when all is settled. Unfortunately without this trial phase, we cannot find out. Note that I'm not much in favor of this "functionality". BUt it's the way it is. We (open/SUSE) are required to have this so that MS will sign our shim.
Highlighting for Stefan (sorry, looks like you are going to have some bug reports ...)
Thanks for letting me know! Yeah, it's the first time I hear about this. :-(
I explicitly asked in bug 1198101 (which is still closed to public, unfortunately) "What happens to nvidia modules" and I received: === Nvidia RPM created a one-time when local building and enroll the public key to MOK. So it doesn't have problem. ===
Adjusting the packages will be rather easy. Basically this means that TW users making use of the proprietary nvidia kernel modules will need to accept a new MOK key after rebooting the machine when having done a kernel update before via a regular TW update, because we don't provide a stable kABI with TW.
Personally I expect users to taboo (zypper lock) the kernel packages to get rid of this step. Many TW users may have never seen our MokManager before ...
So, does the patchset break many people's computer with nvidia or not? thanks, -- js suse labs