Anyway. Assuming bbswitch that is part of openSUSE Leap 15.4 - it is signed by key /etc/uefi/certs/BDD31A9E-kmp.crt but apparently this key is not automatically enrolled on KMP installation. To enroll it manually
The first part, it somehow doesn’t load bbswitch unless the secure boot is off. I was doing some testing, it may have been because many things went wrong in the installation. DRM = Digital Rights Management, another way I call Nvidia certificate .
The last part, You are right, that specific KMP certification was not enrolled and I did and my bbswitch was consistently loading but producing inconsistent results. I am going to go around from scratch again.
This is the clue to secureboot locking out NVIDIA key
Jun 10 21:05:37 SJLPHI-Solid bumblebeed[2988]: modprobe: ERROR: could not insert 'nvidia': Key was rejected by service
Jun 10 21:05:37 SJLPHI-Solid bumblebeed[742]: 252.456785] [ERROR]Module nvidia could not be loaded (timeout?)
Jun 10 21:05:37 SJLPHI-Solid bumblebeed[742]: 252.456795] [ERROR]Could not load GPU driver