On Fri, Jun 10, 2022 at 06:03:42PM +0300, Andrei Borzenkov wrote:
KMP signature key is provided as /etc/uefi/certs/BDD31A9E-kmp.crt, but apparently nothing enrolls this key automatically. It is missing after update to Leap 15.4:
bor@10:~> mokutil --list-enrolled | grep 'SHA1 Finger'
SHA1 Fingerprint: bc:a4:e3:8e:d1:84:2b:c8:6f:f7:6d:4d:a7:49:51:f1:62:88:59:f8
SHA1 Fingerprint: 4a:aa:0b:54:67:76:1e:cf:c0:0a:42:32:b1:7a:b4:8b:3e:09:a3:bf
bor@10:~>
And there is no enrollment request after installation of KMP:
bor@10:~> sudo zypper in bbswitch-kmp-default ... bor@10:~> mokutil --list-new
bor@10:~>
Looking at kernel-scriptlets, certificate is handled by inkpm-script, but (at least, this KMP) calls kmp-script.
Is it a bug, missing feature or what? KMP was built for 15.4:
I think this is probably the same bug as boo#1195118. The problem is understood, but the proper solution is not there yet. Gaicomo
bor@10:~> zypper se -s bbswitch-kmp-default
Loading repository data...
Reading installed packages...
S | Name | Type | Version | Arch | Repository
---+----------------------+---------+------------------------------------+--------+----------------
i+ | bbswitch-kmp-default | package | 0.8_k5.14.21_150400.22-lp154.1.187 | x86_64 | Main Repository
bor@10:~>