Hello openSUSE! (re-sending as the mail server works again). Update since lunch time: The problem was discussed on #opensuse-factory with shortly after lunchtime. We used https://etherpad.opensuse.org/p/draft-email-bsc-173158 as a problem summary. People who participated in discussion are currently for handling it over release-notes and keep it as it is. Original text: This topic recently got quite an attention and we'd like to discuss the next steps. We still have a short window until GM this week, but it's still doable if we're fast enough. openSUSE Leap 15.2 introduced a change in kernel setting, which affects secure boot, specifically CONFIG_MODULE_SIG=y https://bugzilla.opensuse.org/show_bug.cgi?id=1173158 This change seems to be in master since March 2018 https://github.com/openSUSE/kernel-source/commit/2539ea5663ec There is yet another related variable MODULE_SIG_FORCE, that is unset on openSUSE Leap 15.2. MODULE_SIG_FORCE: "Reject unsigned modules or signed modules for which we don't have a key. Without this, such modules will simply taint the kernel." So with this variable unset, we'll simply receive a warning, but the module will get loaded. On the other hand with this variable set, an unsigned module such as proprietary Nvidia driver would fail to load in secure boot. Do we want to rollback the value of CONFIG_MODULE_SIG, although **it is not enforced**? Or are we willing to adopt SLE behavior and (over- )communicate the change in release-notes? See https://github.com/openSUSE/release-notes-openSUSE/pull/96 We'd also like to ask you to test a proprietary Nvidia driver with the secure boot on. More info at https://en.opensuse.org/SDB:NVIDIA_drivers . You can enter results (Just for the Nvidia test) of testing to https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3m... Thank you -- Best regards Luboš Kocman Release Manager openSUSE Leap SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nuremberg Germany (HRB 36809, AG Nürnberg) Managing Director: Felix Imendörffer