Comment # 10 on bug 1173115 from 
(In reply to Michal Suchanek from comment #9)
> Does that work for kernels built in random home project?

Those are signed with a key different from the one signed by the openSUSE
Secure boot CA. So for those of course one has to import the sign key into Mok.

That doesn't mean that a) the kernel %post script has to do that automatically
(well it doesn't anyways, just prepares for it once) and b) the kernel built in
official projects have to do the import.
Check for example shim, it behaves differently when built in the official
project (ie with openSUSE/SLE keys) vs built in home or devel projects.

So similar checks could be done in the kernel spec file and skip mokutil when
built with the openSUSE keys.

You are receiving this mail because: