I recently installed Ubuntu 17.04. But I want to boot it with the opensuse grub2. This is on a UEFI machine. I am already setup to sign kernels. So the idea is for me to sign the Ubuntu kernel, so that the kernel signature will be okay with opensuse grub2-efi. Ubuntu comes with two kernels: vmlinuz-4.10.0-19-generic vmlinuz-4.10.0-19-generic.efi.signed The second of those is signed by Canonical. The first is unsigned. I chose to sign the second of those kernels. It was my understanding that having multiple signatures is allowed. But it would not boot. I got a message about invalid signature. So I instead signed the first of those kernels. And that is working fine. And if Ubuntu boot tries to check signatures, it should be okay because it sees my installed machine owner key. I'm not sure why Ubuntu provides a signed kernel, since Ubuntu boot normally doesn't check signatures anyway. They seem to just pretend to check (a bit like the Volkswagen pollution controls). My question: Is this a bug in the opensuse shim signature checking? Shouldn't it work with multiple signatures on kernels? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org