Kernel 6.4.4 installation didn't prompt MOK update?

Hi - not sure if this happened to anyone else, but when I updated to the 20230724 snapshot this morning, I then found that many actions were delayed by about 1 second before beginning (mostly starting applications, but also choosing a power/session option from the KDE launcher menu).

When I checked the logs at the time of launching an application, I saw the message “kernel: Loading of module with unavailable key is rejected”. I have an Nvidia graphics card and Secure Boot, so I assumed it was related - and noticed that unlike with prior updates, I wasn’t prompted to enroll a key through the MOK utility on reboot this time.

I tried the instructions here, rebooted/enrolled that key and the problem seems to have gone away, but I was just wondering if that’s a known thing, something possibly unique to the lockdown mode transition recently, or if that’s unexpected?

The .der key file (on my system, /var/lib/nvidia-pubkeys/MOK-nvidia-driver-G06-535.86.05-10.1-default.der) had a timestamp coinciding with the upgrade this morning, so I looks like it was created along with the kernel installation but re-signing wasn’t triggered?

Hmmm. Mine prompted me for the MOK. Indeed strange that yours did not.

Probably not. I tested dup with installed NVIDIA driver and I was prompted for both enrolling the new key and deleting the old key on reboot. Check logs (like /var/log/zypper/history).

Which means now after rollback to previous snapshot with different kernel version NVIDIA driver will not load because the old key will be missing.