[Bug 1209006] Document how to secureboot-sign manually-built kernel modules on TW kernel >= 6.2.1
https://bugzilla.suse.com/show_bug.cgi?id=1209006 https://bugzilla.suse.com/show_bug.cgi?id=1209006#c6 --- Comment #6 from Michal Suchanek <msuchanek@suse.com> --- On Leap we don't need the secondary keyring at all, we have a downstream patch that loads the MOK keys into platform keyring, and verifies modules with platform keyring. In upstream the MOK keys are loaded into machine keyring which then should get loaded into secondary keyring. This option is for loading additional keys (which the name does not reflect) in a specific way different from the default (which the name does not reflect) and is incompatible with machine keyring (which would have to be patched out to enable it). Does not seem to work for me, anyway: cat /proc/keys | grep machine 31db47ec I------ 1 perm 1f0b0000 0 0 keyring .machine: empty -- You are receiving this mail because: You are the assignee for the bug.
participants (1)
-
bugzilla_noreply@suse.com