http://bugzilla.opensuse.org/show_bug.cgi?id=1178813 Bug ID: 1178813 Summary: Kernel 5.3.18-lp152.50.1-default rejects module as unsigned, although it is, and key is properly enrolled into MOK Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: x86-64 OS: openSUSE Leap 15.2 Status: NEW Severity: Major Priority: P5 - None Component: Kernel Assignee: kernel-bugs@opensuse.org Reporter: publio.escipion.el.africano@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I have an UEFI system with Secure boot enabled: HP Pavilion x360 Convertible Model 14-cd0009la. I have been working with it, since November 2018. I upgraded it to Leap 15.2, soon after it was released. It has a Realtek RTL8821CE 802.11ac PCIe Wireless Network Adapter, which module the kernel doesn't provides. So, I compile the module from source, and sign it with my own key. The Wireless Network Adapter worked fine, till 5.3.18-lp152.47-default. Starting with new kernel-default-5.3.18-lp152.50.1 (update by 20201114), the kernel rejects module rtl8821ce as unsigned, although it is, and key is properly enrolled into MOK. Output after running modprobe 8821ce: �modprobe: ERROR: could not insert '8821ce': Operation not permitted�. Output after running dmesg | grep modprobe: �Lockdown: modprobe: Loading of unsigned module is restricted; see man kernel_lockdown.7� This scenario persists although I have recompiled and rebuild the module for the new kernel version 5.3.18-lp152.50.1, with rpmbuild (as normal user, because norootforbuild), signed it, as previously did, with modsign-repackage, and updated it. The key is already enrolled into MOK, and it is valid (mokutil --list-enrolled). Workaround: boot with older kernel 5.3.18-lp152.47-default, instead. ================================================================================== mokutil --test-key RHNcert.der RHNcert.der is already enrolled ================== hwinfo (kernel 5.3.18-lp152.47-default) ======================= 27: PCI 100.0: 0282 WLAN controller [Created at pci.386] Unique ID: y9sn.ktuJf6vGWa2 Parent ID: z8Q3.ry9IuBANcF5 SysFS ID: /devices/pci0000:00/0000:00:1c.0/0000:01:00.0 SysFS BusID: 0000:01:00.0 Hardware Class: network Device Name: "WLAN" Model: "Realtek RTL8821CE 802.11ac PCIe Wireless Network Adapter" Vendor: pci 0x10ec "Realtek Semiconductor Co., Ltd." Device: pci 0xc821 "RTL8821CE 802.11ac PCIe Wireless Network Adapter" SubVendor: pci 0x103c "Hewlett-Packard Company" SubDevice: pci 0x831a Driver: "rtl8821ce" Driver Modules: "8821ce" Device File: wlan0 Features: WLAN I/O Ports: 0x3000-0x3fff (rw) Memory Range: 0xa1000000-0xa100ffff (rw,non-prefetchable) IRQ: 133 (162124 events) HW Address: 80:2b:f9:17:85:1f Permanent HW Address: 80:2b:f9:17:85:1f Link detected: yes WLAN channels: 1 2 3 4 5 6 7 8 9 10 11 12 13 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 WLAN frequencies: 2.412 2.417 2.422 2.427 2.432 2.437 2.442 2.447 2.452 2.457 2.462 2.467 2.472 5.18 5.2 5.22 5.24 5.26 5.28 5.3 5.32 5.5 5.52 5.54 5.56 5.58 5.6 5.62 5.64 5.66 5.68 5.7 WLAN bitrates: 1 2 5.5 11 WLAN encryption modes: TKIP CCMP WLAN authentication modes: open wpa-psk wpa-eap Module Alias: "pci:v000010ECd0000C821sv0000103Csd0000831Abc02sc80i00" Driver Info #0: Driver Status: 8821ce is active Driver Activation Cmd: "modprobe 8821ce" Config Status: cfg=no, avail=yes, need=no, active=unknown Attached to: #20 (PCI bridge) -- You are receiving this mail because: You are the assignee for the bug.