-
Notifications
You must be signed in to change notification settings - Fork 535
Secure Boot
==================================================================
If your system has Secure Boot enabled, it might refuse to load any unsigned kernel modules.
Typically, you would get something like the following error:
modprobe: ERROR: could not insert 'v4l2loopback': Operation not permitted
Lockdown: modprobe: unsigned module loading is restricted; see man kernel_lockdown.7
A: If you are running secure boot, that's most likely the reason you will see this error. Go through the following steps to see if it corrects the problem.
(note the name OBS.priv, OBS.der, and /CN=OBS/ are the names I just gave it, you can call it whatever you want)
The first six steps only need to be done once:
openssl req -new -x509 -newkey rsa:2048 -keyout OBS.priv -outform DER -out OBS.der -nodes -days 36500 -subj "/CN=OBS/"sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./OBS.priv ./OBS.der $(modinfo -n v4l2loopback)-
tail $(modinfo -n v4l2loopback) | grep "Module signature appended"(confirm that the module is now signed) -
sudo mokutil --import OBS.der- you'll have to make a password at this step REMEMBER IT! - Reboot; You will go through a MOK enrollment process in the BIOS; This is where you need the password from step 4.
-
mokutil --test-key OBS.der(this just confirms it's enrolled) sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./OBS.priv ./OBS.der $(modinfo -n v4l2loopback)
(Not sure if the last step is needed the first time (since you already do it in in the beginning), but I had it in my notes for another module with the same issue so I'm including it here.)
Now every time there's a kernel update, or the v4l2loopback module is updated, you'll have to go through the last step again and reboot.