The UEFI certificate in staging and rings needs to be equal. If there's something wrong, like openQA not booting verify by checking /etc/uefi/certs in the shim package in Leap vs Factory. Use openssl to dump the certificates:
openssl x509 -noout -text -nameopt multiline,utf8,-esc_msb -inform DER -in $file
If anything then we're now using shim signed by SUSE cert.
DimStar mentioned that factory has shim-leap. Do we still need that should we have the SLE shim instead?
Original task:
verify staging UEFI certificate
The UEFI certificate in staging and rings needs to be equal. If there's something wrong, like openQA not booting verify by checking /etc/uefi/certs in the shim package in Leap vs Factory. Use openssl to dump the certificates:
If anything then we're now using shim signed by SUSE cert.
DimStar mentioned that factory has shim-leap. Do we still need that should we have the SLE shim instead?