I have recently installed leap 42.3 on an Acer laptop (ES1-523) and the default kernel does not work correctly with the QCA9733 wifi. Thus I need to use a more recent kernel, namely 4.12.5 from repo: download.opensuse.org/repositories/Kernel:/stable/standard/x86_64/
After telling the EFI to trust the LEAP 42.3 secure boot key, and some fiddling with the BIOS to put grub before windows EFi boot, I did get opensuse working properly with secure boot. I used zypper to download kernel 4.12.5 and install it. Using secure boot the kernel is unsigned and not loaded, presubalbly by shim of grub. I would happily go back to the stock 4.4 kernel if there is a fix for the QCA9733 driver.
MY QUESTION:
Are all the updated/developer kernels unsigned? (The LEAP42.3 kernel was signed.) What is the normal way to get get the new kernel signed so I can use secure boot again?
Update kernels are signed, developer kernels are not signed with Leap key. Kernel:stable is not an update for Leap but independent project offering latest kernels.
IMO Secure Boot is security theater . If a bad actor can modify the boot chain they already own the machine. The best that secure boot can do is brick the system.
Yes, that’s true, but baddies do need physical access to the machine. It’s really Windows that benefits from secure boot. I do dual boot so I’d prefer it to be on.
The purpose of using a development kernel was to get my wifi (QCA9733) going in LEAP42.3. How can I find out if the fixed ath10k driver has been back ported to the stock 4.4.xx kernel ?