Bug ID 1178813
Summary Kernel 5.3.18-lp152.50.1-default rejects module as unsigned, although it is, and key is properly enrolled into MOK
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.2
Hardware x86-64
OS openSUSE Leap 15.2
Status NEW
Severity Major
Priority P5 - None
Component Kernel
Assignee kernel-bugs@opensuse.org
Reporter publio.escipion.el.africano@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

I have an UEFI system with Secure boot enabled: HP Pavilion x360 Convertible
Model 14-cd0009la.
I have been working with it, since November 2018. I upgraded it to Leap 15.2,
soon after it was released.

It has a Realtek RTL8821CE 802.11ac PCIe Wireless Network Adapter, which module
the kernel doesn't provides. So, I compile the module from source, and sign it
with my own key.

The Wireless Network Adapter worked fine, till 5.3.18-lp152.47-default.

Starting with new kernel-default-5.3.18-lp152.50.1 (update by 20201114), the
kernel rejects module rtl8821ce as unsigned, although it is, and key is
properly enrolled into MOK.

Output after running modprobe 8821ce: ���modprobe: ERROR: could not insert
'8821ce': Operation not permitted���.
Output after running  dmesg | grep modprobe: ���Lockdown: modprobe: Loading of
unsigned module is restricted; see man kernel_lockdown.7���

This scenario persists although I have recompiled and rebuild the module for
the new kernel version 5.3.18-lp152.50.1, with rpmbuild (as normal user,
because norootforbuild), signed it, as previously did, with modsign-repackage,
and updated it.

The key is already enrolled into MOK, and it is valid (mokutil
--list-enrolled).

Workaround: boot with older kernel 5.3.18-lp152.47-default, instead.
==================================================================================
mokutil --test-key RHNcert.der
RHNcert.der is already enrolled

================== hwinfo (kernel 5.3.18-lp152.47-default)
=======================
27: PCI 100.0: 0282 WLAN controller
  [Created at pci.386]
  Unique ID: y9sn.ktuJf6vGWa2
  Parent ID: z8Q3.ry9IuBANcF5
  SysFS ID: /devices/pci0000:00/0000:00:1c.0/0000:01:00.0
  SysFS BusID: 0000:01:00.0
  Hardware Class: network
  Device Name: "WLAN"
  Model: "Realtek RTL8821CE 802.11ac PCIe Wireless Network Adapter"
  Vendor: pci 0x10ec "Realtek Semiconductor Co., Ltd."
  Device: pci 0xc821 "RTL8821CE 802.11ac PCIe Wireless Network Adapter"
  SubVendor: pci 0x103c "Hewlett-Packard Company"
  SubDevice: pci 0x831a 
  Driver: "rtl8821ce"
  Driver Modules: "8821ce"
  Device File: wlan0
  Features: WLAN
  I/O Ports: 0x3000-0x3fff (rw)
  Memory Range: 0xa1000000-0xa100ffff (rw,non-prefetchable)
  IRQ: 133 (162124 events)
  HW Address: 80:2b:f9:17:85:1f
  Permanent HW Address: 80:2b:f9:17:85:1f
  Link detected: yes
  WLAN channels: 1 2 3 4 5 6 7 8 9 10 11 12 13 36 40 44 48 52 56 60 64 100 104
108 112 116 120 124 128 132 136 140
  WLAN frequencies: 2.412 2.417 2.422 2.427 2.432 2.437 2.442 2.447 2.452 2.457
2.462 2.467 2.472 5.18 5.2 5.22 5.24 5.26 5.28 5.3 5.32 5.5 5.52 5.54 5.56 5.58
5.6 5.62 5.64 5.66 5.68 5.7
  WLAN bitrates: 1 2 5.5 11
  WLAN encryption modes: TKIP CCMP
  WLAN authentication modes: open wpa-psk wpa-eap
  Module Alias: "pci:v000010ECd0000C821sv0000103Csd0000831Abc02sc80i00"
  Driver Info #0:
    Driver Status: 8821ce is active
    Driver Activation Cmd: "modprobe 8821ce"
  Config Status: cfg=no, avail=yes, need=no, active=unknown
  Attached to: #20 (PCI bridge)

You are receiving this mail because: