Comment # 6 on bug 1209006 from 
On Leap we don't need the secondary keyring at all, we have a downstream patch
that loads the MOK keys into platform keyring, and verifies modules with
platform keyring.

In upstream the MOK keys are loaded into machine keyring which then should get
loaded into secondary keyring.

This option is for loading additional keys (which the name does not reflect) in
a specific way different from the default (which the name does not reflect) and
is incompatible with machine keyring (which would have to be patched out to
enable it).

Does not seem to work for me, anyway:

cat /proc/keys | grep machine
31db47ec I------     1 perm 1f0b0000     0     0 keyring   .machine: empty

You are receiving this mail because: