[opensuse-factory] Kernel of the Day has invalid signature
Hi, I have Secure Boot enabled in UEFI. Both, Leap and Tumbleweed boot fine. I added Kernel of the Day and now Grub complains that it has the invalid signature. If I change Secure Boot settings from "Microsoft & 3rd party CA" to "none" I can boot the kernel fine. However, that makes for an ugly UEFI startup screen. Kind regards, Michael -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 28 April 2016 at 18:51, Michael Melcher <michael.melcher82@gmail.com> wrote:
Are you sure this is not intentional? I am not sure, but I imagine it would be hard to offer a KOTD that was correctly signed given it typically takes longer than a day to get them signed.. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
28.04.2016 20:45, Richard Brown пишет:
Yes, KOTD is not signed by standard openSUSE key. I still think it would be useful to ship key together with kernel package, so that users could enroll it manually. We do it for GRUB. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 2016-04-29 05:38, Andrei Borzenkov wrote:
It used to be done this way and the code for that is still in kernel-binary.spec.in, but has not been updated for 4.3+. Can you enter a bugreport for this? Thanks, Michal -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 28 April 2016 at 18:51, Michael Melcher <michael.melcher82@gmail.com> wrote:
Are you sure this is not intentional? I am not sure, but I imagine it would be hard to offer a KOTD that was correctly signed given it typically takes longer than a day to get them signed.. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
28.04.2016 20:45, Richard Brown пишет:
Yes, KOTD is not signed by standard openSUSE key. I still think it would be useful to ship key together with kernel package, so that users could enroll it manually. We do it for GRUB. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 2016-04-29 05:38, Andrei Borzenkov wrote:
It used to be done this way and the code for that is still in kernel-binary.spec.in, but has not been updated for 4.3+. Can you enter a bugreport for this? Thanks, Michal -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (4)
-
Andrei Borzenkov
-
Michael Melcher
-
Michal Marek
-
Richard Brown