[Bug 1209006] Document how to secureboot-sign manually-built kernel modules on TW kernel >= 6.2.1
https://bugzilla.suse.com/show_bug.cgi?id=1209006
https://bugzilla.suse.com/show_bug.cgi?id=1209006#c26
--- Comment #26 from Michal Suchanek
From https://lore.kernel.org/all/20220928055900.GT4909@linux-l9pv.suse/t/ #m3ce7e451f1855d9c432965bb896cb7ce0f89e009:
The end-user will now need to enroll two keys. First the CA Key into the MOK and then the leaf cert into the secondary trusted keyring.
HOW would the user add this leaf cert? I am not getting it. From the PDF
At runtime, presumably with keyctl. This is not used in (open)SUSE at all but should be so that you can load official KMPs when running non-official kernel. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com