[kernel-bugs] [Bug 1175626] Recent update run on August 21, 2020 kills bootloader
http://bugzilla.opensuse.org/show_bug.cgi?id=1175626 http://bugzilla.opensuse.org/show_bug.cgi?id=1175626#c55 --- Comment #55 from Martin Wilck <martin.wilck@suse.com> --- (In reply to Neil Rickert from comment #52)
That cannot actually work. I might have more than one openSUSE system installed on my computer, and those systems all share the same list of enrolled keys. The rpm scripts can only check what is needed for the particular system where it is running.
Good point. But solving this correctly is tough. See comment 49, there are cases where we *want* to be sure to purge keys from the MokList. We can't ensure that, and at the same time keep all keys that other installations would want to have around. I guess the only way to solve it would be to have per-installation MokList variables, which would be a major implementation effort. Meanwhile Gary explained to me that for booting the *kernel*, having the keys in the MokList is actually not necessary, because shim has these sign keys built-in anyway. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com