Kernel module signing needed with secure boot enabled

[nicosmd]

Hey!

I just have installed the latest backport kernel module 6.8 to get my Scarlett 4th Gen running on my Ubuntu 22.04 System with Kernel Version 6.5. I had some issues after following the installation instructions in the README. It turned out that I had to manually sign the new kernel modules since I have secure boot enabled. I just wanted to share what I had to do in case others have the same issue.

After installing the backport I have noticed that the sound card did not show up in alsamixer at all but it was the case before the installation. I was not able find any information in the dmesg output that something went wrong. But when I have tried to run sudo modprobe snd-usb-audio I've was facing the output message

modprobe: ERROR: could not insert 'snd-usb-audio': Key was rejected by service

This kind of message seems to be related to secure boot. I fixed it by signing all *.ko files within /lib/modules/$(uname -r)/updates/snd-usb-audio using this command:

kmodsign sha512 /var/lib/shim-signed/mok/MOK.priv /var/lib/shim-signed/mok/MOK.der <module name>.ko

I did this for all *.ko files in the update but I'm not sure if this was really necessary or if it would have been sufficient to run it only for snd-usb-audio.ko

After doing this everything was working perfectly.

I'm not sure if this is usually part of the installation and something on my PC just went wrong. If not does it make sense to add it? At least a hint in the documentation might be helpful.

[geoffreybennett]

Hi @nicosmd,

Thanks for your notes on this. I have released a new version of the kernel driver and updated the README.md instructions with a few pointers to information if people run in to trouble because Secure Boot is enabled.

Regards, Geoffrey.