[kernel-bugs] [Bug 1173115] zypper dup from 15.1 shows mok screen on reboot
http://bugzilla.opensuse.org/show_bug.cgi?id=1173115 http://bugzilla.opensuse.org/show_bug.cgi?id=1173115#c6 --- Comment #6 from Ludwig Nussel <lnussel@suse.com> --- ok, got it. It's caused by CONFIG_MODULE_SIG=y. With that enabled, the %post snippet wants to import the extra cert. It's not imported directly but rather added to some "to be imported queue" for next reboot. On reboot, a dialog with a 10s timeout is shown before grub. It asks to press a key to enter Mok key management. To actually import the key, one has to perform several steps in that wizard, including entering the root password. Not pressing a key will just continue boot, not import the key and don't bother anymore (until the next kernel update?). In other words, the whole stunt seems pointless and just confusing. Since kernel module signatures chain back to the secure boot CA built into shim we don't need that extra cert anyways, right? So can we just skip importing it? -- You are receiving this mail because: You are the assignee for the bug.
participants (1)
-
bugzilla_noreply@suse.com