On 2016-04-29 05:38, Andrei Borzenkov wrote:
28.04.2016 20:45, Richard Brown пишет:
On 28 April 2016 at 18:51, Michael Melcher
wrote: Hi,
I have Secure Boot enabled in UEFI. Both, Leap and Tumbleweed boot fine. I added Kernel of the Day and now Grub complains that it has the invalid signature.
If I change Secure Boot settings from "Microsoft & 3rd party CA" to "none" I can boot the kernel fine. However, that makes for an ugly UEFI startup screen.
Kind regards, Michael
Are you sure this is not intentional? I am not sure, but I imagine it would be hard to offer a KOTD that was correctly signed given it typically takes longer than a day to get them signed..
Yes, KOTD is not signed by standard openSUSE key. I still think it would be useful to ship key together with kernel package, so that users could enroll it manually. We do it for GRUB.
It used to be done this way and the code for that is still in kernel-binary.spec.in, but has not been updated for 4.3+. Can you enter a bugreport for this? Thanks, Michal -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org