A kernel update and my 8812ua

My laptop is running Fedora 24 and today there was updates for the system and one of the updates was a new kernel. I was looking forward to see if the module for my Realtek usb wifi dongle got updated also. Too check for this I run tree.


[root@Threadstone ~]# tree /var/lib/dkms/8812au/
4.3.14_13455.20150212/ kernel-4.7.2-201.fc24.x86_64-x86_64/
kernel-4.6.7-300.fc24.x86_64-x86_64/
[root@Threadstone ~]# tree /var/lib/dkms/8812au/
/var/lib/dkms/8812au/
├── 4.3.14_13455.20150212
│   ├── 4.6.7-300.fc24.x86_64
│   │   └── x86_64
│   │   ├── log
│   │   │   └── make.log
│   │   └── module
│   │   └── 8812au.ko
│   ├── 4.7.2-201.fc24.x86_64
│   │   └── x86_64
│   │   ├── log
│   │   │   └── make.log
│   │   └── module
│   │   └── 8812au.ko
│   └── source -> /usr/src/8812au-4.3.14_13455.20150212
├── kernel-4.6.7-300.fc24.x86_64-x86_64 -> 4.3.14_13455.20150212/4.6.7-300.fc24.x86_64/x86_64
└── kernel-4.7.2-201.fc24.x86_64-x86_64 -> 4.3.14_13455.20150212/4.7.2-201.fc24.x86_64/x86_64

12 directories, 4 files
[root@Threadstone ~]# uname -a
Linux Threadstone 4.7.2-201.fc24.x86_64 #1 SMP Fri Aug 26 15:58:40 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

As one can see the running kernel is 4.7.2-201 and that is also the newest kernel on Fedora 24. The module 8812au.ko is built against that same kernel as is shown in the tree. So I try to load it.. but get an error.


[root@Threadstone ~]# modprobe 8812au
modprobe: ERROR: could not insert '8812au': Required key not available

So the problem is that the module is not signed against the new kernel. I generated keys for the signing when I first built the module but for some reason I can’t find them. So I’ll build new ones.


[root@Threadstone ~]# mkdir keys
[root@Threadstone ~]# cd keys/
[root@Threadstone keys]# ls
[root@Threadstone keys]# openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=ardal/"
Generating a 2048 bit RSA private key
...........................................+++
.................................................................................................................................+++
writing new private key to 'MOK.priv'
-----
[root@Threadstone keys]# ls
MOK.der MOK.priv

So now the keys are in a directory that I know where is for the next time I need to sign the module. So then it’s time to sign the module and get it up and running again.


[root@Threadstone keys]# sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n 8812au)

[root@Threadstone keys]# mokutil --import MOK.der
input password:
input password again:

From there a reboot is needed since it’s needed to get it into uefi secure boot. After the computer has booted up I check if it’s in the listing when running iwconfig.


[root@Threadstone ~]# iwconfig

wlp0s20u4 unassociated Nickname:""
Mode:Managed Frequency=2.412 GHz Access Point: Not-Associated
Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

Since I didn’t find the MOK.priv and the MOK.der files that I used last time I couldn’t use those for signing again. Next time I need to do this I have the keys in a known location, so it’s just the signing part that should be necessary.

Leave a Reply

Your email address will not be published. Required fields are marked *