
@Underknowledge
Last active July 5, 2023 17:14
Install and sign v4l2loopback in fedora
#!/usr/bin/env bash
# set -x
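# Ask the GitHub API for the upstream tags and take the first one listed.
# Nothing below pins a version or checks the tarball against a known digest,
# so whatever that tag points at is what later gets built as root and signed
# with the enrolled key.
Git_status=$(curl --silent -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/umlaeute/v4l2loopback/tags" )
TAR_dl=$( echo "${Git_status}" | jq -r ".[].tarball_url" | head -n1)
TAR_v=$( echo "${Git_status}" | jq -r ".[].name" | head -n1)
# TAR_v comes from the network and ends up in paths that are created and
# removed as root, so anything that is not a plain tag name is refused.
# An empty value (offline, jq not installed yet) is left alone, as before.
tag_name_re='^[A-Za-z0-9._-]+$'
if [[ -n "${TAR_v}" && ! "${TAR_v}" =~ ${tag_name_re} ]]; then
  printf '[error] unexpected tag name from the GitHub API: %q\n' "${TAR_v}" >&2
  exit 1
fi
# All three locations can be overridden from the environment.
build_dir="${build_dir:-/usr/src/v4l2loopback-"${TAR_v}"}"
tmp_dir="${tmp_dir:-/tmp}"
mokutil_out_dir="${mokutil_out_dir:-/root/.ssh/mokutil-module-signing}"
# Reuse the stored key passphrase when there is one. On a first run the file
# does not exist yet, so it is only read when present.
mokutil_509key_pass=""
if [[ -r "${mokutil_out_dir}/.openssl_pass" ]]; then
  mokutil_509key_pass=$(< "${mokutil_out_dir}/.openssl_pass")
fi
# Fresh passphrase: 16 random bytes (32 hex characters) instead of 6.
# Existing installations keep the passphrase read from the file above.
mokutil_509key_pass="${mokutil_509key_pass:-$(openssl rand -hex 16)}"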
# https://github.com/umlaeute/v4l2loopback/issues/394
# https://unix.stackexchange.com/questions/445772/how-to-add-a-public-key-into-system-keyring-for-kernel-without-recompile
# https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/kernel-module-driver-configuration/Working_with_Kernel_Modules/#sect-signing-kernel-modules-for-secure-boot
# ToDo:
# - Maybe systemd service, needs testing
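# Load the distribution identity (ID, VERSION, ...) into this shell.
source /etc/os-release || source /usr/lib/os-release
# Pick the package-manager commands for the running distribution.
# Only the rpm/dnf and dpkg/apt branches set pkg_check_cmd; the suse and gentoo
# branches leave it unset.
case ${ID,,} in
  *suse*)
    pkg_mgr_cmd="zypper -n in"
    sign_file_dir="/usr/src/linux-obj/x86_64/default/scripts"
    ;;
  centos|rhel|fedora)
    pkg_mgr_cmd="dnf install -y"
    pkg_check_cmd="rpm -qa"
    ;;
  ubuntu|debian)
    pkg_mgr_cmd="apt-get install -y"
    pkg_check_cmd="dpkg-query -l"
    ;;
  # Gentoo needs to have version set since it's rolling
  gentoo)
    pkg_mgr_cmd="emerge --jobs=4"
    export VERSION="rolling"
    ;;
  *)
    # warn() is defined further down in the file and does not exist yet at
    # this point, so the warning is printed directly in the same format.
    echo -e "\e[33m[warn] unsupported distribution: ${ID,,}\e[39m"
    ;;
esac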
# Print an informational message in green on stdout.
# Arguments: $* - message text
function info {
  local green='\e[32m' reset='\e[39m'
  echo -e "${green}[info] $*${reset}"
}
# Print a warning in yellow on stdout.
# Arguments: $* - message text
function warn {
  local yellow='\e[33m' reset='\e[39m'
  echo -e "${yellow}[warn] $*${reset}"
}
# Print an error in red on stdout and terminate the script with status 1.
# Arguments: $* - message text
function error {
  local red='\e[31m' reset='\e[39m'
  echo -e "${red}[error] $*${reset}"
  exit 1
}
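# Make sure a distribution package is present; install it when the package
# database does not list it.
# Globals:   pkg_check_cmd (read), pkg_mgr_cmd (read)
# Arguments: $* - package name
# Returns:   0 when the package is already listed, 1 after an install attempt
function check_install {
  local pkg="$*"
  # Without a query command the package name itself used to be executed as a
  # command; skip the query in that case and go straight to the install.
  # Word splitting of the command strings ("rpm -qa") is intended.
  # shellcheck disable=SC2086
  if [[ -n "${pkg_check_cmd:-}" ]] && ${pkg_check_cmd} "${pkg}" | grep -qF -- "${pkg}"; then
    return 0
  fi
  # shellcheck disable=SC2086
  ${pkg_mgr_cmd} "${pkg}"
  warn "you probably have to reboot"
  return 1
}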
# Kernel build prerequisites, looked up in the package database.
for pkg in kernel-headers kernel-devel; do
  check_install "${pkg}"
done
# Command-line tools the script relies on; a missing one is installed with
# the distribution's package manager. Note that jq and curl are already used
# at the top of the file, before this check runs.
for tool in openssl jq curl mokutil; do
  command -v "${tool}" > /dev/null 2>&1 || ( warn "missing ${tool}"; ${pkg_mgr_cmd} "${tool}" )
done
# Decide the next step from the state of the signing key:
# no private key yet    -> generate one (mokutil_setup)
# key already enrolled  -> build, install and sign the module
# key not enrolled yet  -> queue it for enrolment again (import_trust)
# Globals: mokutil_out_dir (read)
function check_key () {
  local key_dir="${mokutil_out_dir}"
  if [ ! -f "${key_dir}/MOK.priv" ]; then
    info "Generating keys to sign"
    mokutil_setup
    return
  fi
  info "probing MOK.der"
  # The decision hinges on the text mokutil prints for --test-key.
  if mokutil --test-key "${key_dir}/MOK.der" | grep -q "already enrolled"; then
    info "The Key is already trusted"
    install_v4l2loopback
    return
  fi
  warn "info the key exist but is not trusted yet, reimporting it because it does not hurt. You missing a reboot?"
  import_trust
}
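# Sign the installed v4l2loopback module with the MOK key pair.
# Globals:   mokutil_509key_pass, mokutil_out_dir, build_dir (read);
#            sign_file_dir, ko_folder (read, defaulted when unset);
#            KBUILD_SIGN_PIN (exported)
# Outputs:   progress messages and warnings on stdout
function signing_ko () {
  local kver extra_dir
  kver="$(uname -r)"
  extra_dir="/lib/modules/${kver}/extra"
  # sign-file takes the passphrase of an encrypted key from KBUILD_SIGN_PIN.
  export KBUILD_SIGN_PIN="${mokutil_509key_pass}"
  sign_file_dir="${sign_file_dir:-/usr/src/kernels/${kver}/scripts}"
  if [[ -f "${extra_dir}/v4l2loopback.ko.xz" || -f "${extra_dir}/v4l2loopback.ko" ]]; then
    ko_folder="${ko_folder:-${extra_dir}}"
  elif [[ -f "${extra_dir}/v4l2loopback/v4l2loopback.ko.xz" || -f "${extra_dir}/v4l2loopback/v4l2loopback.ko" ]]; then
    ko_folder="${ko_folder:-${extra_dir}/v4l2loopback}"
  else
    warn "Can not locate the folder used for v4l2loopback.ko.xz to unxz and sign. Find the file and try to set the var 'ko_folder'"
  fi
  ko_folder="${ko_folder:-${extra_dir}}"
  # Warn only when neither form of the module is there. The earlier test
  # joined the two checks with "||" and therefore warned unless both the
  # compressed and the plain file existed at the same time.
  if [[ ! -f "${ko_folder}/v4l2loopback.ko.xz" && ! -f "${ko_folder}/v4l2loopback.ko" ]]; then
    warn "there might be no file to sign. Please check ${ko_folder}"
  fi
  # The passphrase is deliberately not printed: anything written here ends up
  # in terminal scrollback, pasted logs or the journal.
  info "Cert password is stored in ${mokutil_out_dir}/.openssl_pass"
  # A signature has to go onto the plain .ko, so unpack a compressed module first.
  if [[ -f "${ko_folder}/v4l2loopback.ko.xz" ]]; then
    unxz -f "${ko_folder}/v4l2loopback.ko.xz"
  fi
  "${sign_file_dir}/sign-file" sha256 "${mokutil_out_dir}/MOK.priv" "${mokutil_out_dir}/MOK.der" "${build_dir}/v4l2loopback.ko" && info "${build_dir}/v4l2loopback.ko"
  "${sign_file_dir}/sign-file" sha256 "${mokutil_out_dir}/MOK.priv" "${mokutil_out_dir}/MOK.der" "${ko_folder}/v4l2loopback.ko" && info "${ko_folder}/v4l2loopback.ko"
  xz -f "${ko_folder}/v4l2loopback.ko"
  info "finished signing_ko"
}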
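# Create the MOK signing key pair and queue the certificate for enrolment.
# Nothing is generated when a private key is already present.
# Globals:   mokutil_out_dir, mokutil_509key_pass (read); name (written)
# Outputs:   progress messages on stdout
# Note:      import_trust ends the script, so the lines after it only run
#            when the key already existed.
function mokutil_setup () {
  if [ ! -f "${mokutil_out_dir}"/MOK.priv ]; then
    info "Still no Private key found, Generating one"
    ( umask 077 && mkdir -p "${mokutil_out_dir}")
    # mkdir -p leaves an existing directory as it is, so tighten it explicitly.
    # The passphrase file sits next to the key it protects, which makes the
    # directory permissions the real protection of the private key.
    chmod 700 "${mokutil_out_dir}"
    name="$(hostname)_signing_key"
    (
      # Secrets are created with a restrictive umask, so they are never
      # readable by others, not even before the chmod calls below.
      umask 077
      printf '%s\n' "${mokutil_509key_pass}" > "${mokutil_out_dir}/.openssl_pass"
      # "pass:" would put the passphrase on the openssl command line, where it
      # shows up in the process list; "env:" hands it over in the environment.
      MOK_KEY_PASS="${mokutil_509key_pass}" openssl \
        req -new -x509 \
        -passin env:MOK_KEY_PASS \
        -passout env:MOK_KEY_PASS \
        -newkey rsa:2048 \
        -keyout "${mokutil_out_dir}/MOK.priv" \
        -outform DER \
        -out "${mokutil_out_dir}/MOK.der" \
        -days 31500 \
        -subj "/CN=${name}/" \
        -addext "extendedKeyUsage=codeSigning"
    ) || error "issue creating cert"
    openssl x509 -inform der -in "${mokutil_out_dir}"/MOK.der -out "${mokutil_out_dir}"/MOK.pem
    mkdir -p /usr/src/kernels/"$(uname -r)"/certs/
    cat "${mokutil_out_dir}"/MOK.pem > /usr/src/kernels/"$(uname -r)"/certs/signing_key.pem
    # cp "${mokutil_out_dir}"/MOK.der /usr/src/kernels/"$(uname -r)"/certs/signing_key.pem
    chmod 600 "${mokutil_out_dir}"/MOK*
    chmod 600 "${mokutil_out_dir}"/.openssl_pass
    # Point at the file instead of printing the passphrase itself.
    echo "The password for the x509 cert is stored in ${mokutil_out_dir}/.openssl_pass"
    import_trust
  else
    echo "Private key already present"
  fi
  info "finished mokutil_setup"
}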
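# Queue the certificate for enrolment with mokutil and end the script, because
# the enrolment itself is completed at the next boot.
# Globals:   mokutil_out_dir (read)
# Outputs:   instructions on stdout
# Exits:     0 after a successful import, 1 (through error) when it fails
function import_trust () {
  info "Enroling new cert"
  warn "Set a one-time import password, Make it memorablel, you have to type it into later"
  warn "for a example check https://gist.github.com/reillysiemens/ac6bea1e6c7684d62f544bd79b2182a4"
  # Stop here when the import fails; the success messages below would
  # otherwise send the user into a reboot with nothing queued.
  mokutil --import "${mokutil_out_dir}"/MOK.der || error "mokutil --import failed, the key is not queued for enrolment"
  info "A Key has been generated and importet into mokutil"
  mokutil --list-new
  info "Now reboot your machine and import the certificate with the just typed password"
  # This line used to sit after "exit 0" and was never reached.
  info "finished import_trust"
  exit 0
}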
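# Download, build, install and (unless skip_signing is set) sign v4l2loopback,
# then load the module.
# Globals:   TAR_dl, TAR_v, tmp_dir, build_dir, mokutil_out_dir,
#            mokutil_509key_pass, skip_signing (read); KBUILD_SIGN_PIN (exported)
# Returns:   1 when the build fails; download and unpack errors end the script
# Note:      the tarball is not checked against a known digest or signature;
#            HTTPS to the URL returned by the API is the only assurance.
function install_v4l2loopback () {
  info "start install_v4l2loopback"
  local kver dl_dir tarball
  kver="$(uname -r)"
  # Download into a fresh private directory. A fixed file name directly in a
  # shared tmp_dir can be prepared by another local user (a symlink, or an
  # archive that gets unpacked when the download fails).
  dl_dir="$(mktemp -d "${tmp_dir}/v4l2loopback.XXXXXXXX")" || error "can not create a download directory in ${tmp_dir}"
  tarball="${dl_dir}/v4l2loopback_${TAR_v}.tar.gz"
  # --fail keeps an HTTP error page from being saved as the tarball; the
  # --proto options keep the transfer and its redirects on HTTPS.
  if ! curl --fail --proto '=https' --proto-redir '=https' -SL "${TAR_dl}" -o "${tarball}"; then
    rm -rf -- "${dl_dir:?}"
    error "download of ${TAR_dl} failed"
  fi
  mkdir -p "${build_dir}"
  if ! tar xfv "${tarball}" --directory="${build_dir}"; then
    rm -rf -- "${dl_dir:?}"
    error "can not unpack ${tarball}"
  fi
  rm -rf -- "${dl_dir:?}"
  # The archive unpacks into one umlaeute-v4l2loopback-* directory; move its
  # content up into build_dir.
  mv "${build_dir}"/umlaeute-v4l2loopback-*/* "${build_dir}"/.
  rm -r "${build_dir}"/umlaeute-v4l2loopback-*
  pushd "${build_dir}" || exit
  make clean
  # Do not install, sign and load anything after a failed build.
  if ! make; then
    build_failed
    popd || return
    return 1
  fi
  mkdir -p "/usr/src/kernels/${kver}/certs/"
  if [[ -z "${skip_signing:-}" ]]; then
    # The passphrase is handed over in the environment and not printed.
    export KBUILD_SIGN_PIN="${mokutil_509key_pass}"
    cp "${mokutil_out_dir}"/MOK.pem "/usr/src/kernels/${kver}/certs/signing_key.pem"
    chmod 444 "/usr/src/kernels/${kver}/certs/signing_key.pem"
  fi
  make install
  ls "/lib/modules/${kver}/extra/"
  if [[ -z "${skip_signing:-}" ]]; then
    info "Now Manually singing"
    signing_ko
  fi
  popd || return
  depmod -a
  modprobe v4l2loopback
  modinfo v4l2loopback
  info "finished install_v4l2loopback"
  lsmod | grep -q v4l2loopback && info "v4l2loopback loaded!"
}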
# Install the capture tools, run a short test stream into the loopback device
# and write the configuration that loads the module at boot.
# Globals:   pkg_mgr_cmd (read)
# Writes:    /etc/modules-load.d/v4l2loopback.conf, /etc/modprobe.d/v4l2loopback.conf
function slr_as_webcam () {
  # https://medium.com/nerdery/dslr-webcam-setup-for-linux-9b6d1b79ae22
  local tool
  for tool in ffmpeg gphoto2; do
    command -v "${tool}" > /dev/null 2>&1 || ( warn "missing ${tool}"; ${pkg_mgr_cmd} "${tool}" )
  done
  # Best formats
  # https://stackoverflow.com/a/59574988
  warn "quick 5s test"
  # The target is the first /dev/video* entry that v4l2-ctl lists below a
  # v4l2loopback device.
  timeout 5 gphoto2 --stdout --capture-movie \
    | ffmpeg -i - -vcodec rawvideo -pix_fmt yuv420p -threads 0 -f v4l2 \
        "$(v4l2-ctl --list-devices | grep v4l2loopback -A 1 | grep -oe "/dev/video.*" | head -n 1)"
  # https://github.com/umlaeute/v4l2loopback/issues/391#issuecomment-800941494
  printf '%s\n' "v4l2loopback" > /etc/modules-load.d/v4l2loopback.conf
  cat > /etc/modprobe.d/v4l2loopback.conf << 'EOF'
# Module options for v4l2loopback
options v4l2loopback exclusive_caps=1,1
options v4l2loopback devices=2
options v4l2loopback max_buffers=2
options v4l2loopback video_nr=63,102
options v4l2loopback card_label="obs,slr"
EOF
  info "Config to Automaticaly load Kernel module added"
}
# Print troubleshooting hints for a failed module build.
# Outputs: a blank line, four lines of text and a closing blank line on stdout
function build_failed () {
  printf '%s\n' \
    "" \
    "When you see" \
    "*** No rule to make target 'clean'. Stop." \
    "Probably kernel-headers and kernel do not have the same version… Install, reboot and try again!" \
    "otherwise you could try running 'dnf donwgrade gcc' https://ask.fedoraproject.org/t/fedora-34-beta-and-oot-kmod-nvidia-virtualbox-v4l2loopback-etc/12778" \
    ""
}
# Print the short usage text; $0 is the name the script was started with.
# Outputs: a blank line, two lines of text and a closing blank line on stdout
function help () {
  printf '%s\n' \
    "" \
    "just run the script, reboot (you will have to type a pass you set) and run again!" \
    "you can also run '$0 slr_as_webcam' to install tools you need to use a dslr as webcam" \
    ""
}
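# Entry point: root only. With one argument a single step of the script is
# run; without arguments the Secure Boot state decides what happens.
if [ "$EUID" -ne 0 ]; then
  error "Please run as root"
fi
if [ "$#" -eq 1 ]; then
  # Dispatch only to functions of this script. A bare $1 ran whatever command
  # name was passed in, with root privileges.
  case "$1" in
    check_key|signing_ko|mokutil_setup|import_trust|install_v4l2loopback|slr_as_webcam|build_failed|help)
      "$1"
      exit 0
      ;;
    *)
      help
      error "unknown action: $1"
      ;;
  esac
fi
if mokutil --sb-state | grep -q "SecureBoot enabled"; then
  # Nothing to do when the module is already loaded.
  if grep -q "v4l2loopback" /proc/modules; then
    info "v4l2loopback is loaded"
  else
    info "Secure boot is enabled and you have to setup singing"
    check_key
  fi
else
  warn "no need to sing Stuff!"
  export skip_signing=1
  grep -q "v4l2loopback" /proc/modules || install_v4l2loopback
fi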
@2ndBillGates

Moreover, I would like to know something about your script

(1) by using your script, it will run automatically whenever the kernel is update? How?
(2) What is the private key/ pass-phrase? I would like to use the same key to sign my other kernel module, like nvidia.

Thank you so much

@Underknowledge
Author

Underknowledge commented May 30, 2022

Changelog:

  • Changed build dir as per 2ndBillGates, Thanks a lot <3 ~#3 ~#40
  • proper umask for /root/.ssh #83
  • remove of unnecessary ls #150
  • change modules-load.d OBS cam to device number 63 (OBS only scanned until device 64) #175
    and enabled exclusive_caps for SLR #172
  • added check to stop unnecessary builds #206

When you have issues, try the version from the 13 Feb. and please let me know (the version worked for OE1FEU-DF5JT)

little fyi;
got these in my .bashrc

alias camera_start='gphoto2 --stdout --capture-movie | ffmpeg -i - -vcodec rawvideo -pix_fmt yuv420p -threads 0 -f v4l2 /dev/video102'
alias camera_start_fix_error="pkill -f gphoto2"

# Restart the capture pipeline: end running gphoto2 processes, wait two
# seconds, then stream the camera into /dev/video102.
# NOTE(review): pkill -f matches every process whose command line contains
# "gphoto2", not only a capture started by this function.
camera () {
  pkill -f gphoto2
  sleep 2
  gphoto2 --stdout --capture-movie \
    | ffmpeg -i - -vcodec rawvideo -pix_fmt yuv420p -threads 0 -f v4l2 /dev/video102
}

@Underknowledge
Author

Moreover, I would like to know something about your script

(1) by using your script, it will run automatically whenever the kernel is update? How? (2) What is the private key/ pass-phrase? I would like to use the same key to sign my other kernel module, like nvidia.

Thank you so much

Heya, Nope. I run it manually as part of my upgrade procedure. not botherd to set up a systemd service until now.
I could see something like vi /etc/systemd/system/v4l2loopback-and-signing.service

[Unit]
Description=Automaticaly download, build and sign v4l2loopback
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
# EnvironmentFile=fedora_v4l2loopback_and_signing.env 
ExecStart=/opt/fedora_v4l2loopback_and_signing.sh 
Restart=no

[Install]
WantedBy=multi-user.target

ATTENTION: NOT TESTED
(But I guess not a lot should go wrong)

Line #206 should be changed to also check if the module is loaded, to stop unnecessary builds
will change this now

to (2),
Yes, go for it; the key is enrolled on your system.
If you did not change the default variables, you can read the passphrase with sudo cat /root/.ssh/mokutil-module-signing/.openssl_pass

@2ndBillGates

2ndBillGates commented May 30, 2022

Just tried it, works perfectly fine.
Screenshot from 2022-05-31 03-42-46

However, "/usr/src" directory is looking messy again.

The changes that I made was define v4l2lookback build_dir folder in the beginning, also name it as "v4l2lookback-v0.12.5"

Git_status=$(curl --silent -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/umlaeute/v4l2loopback/tags" )
TAR_dl=$( echo "${Git_status}" | jq -r ".[].tarball_url" | head -n1)
TAR_v=$( echo "${Git_status}" | jq -r ".[].name" | head -n1)

build_dir="${build_dir:-/usr/src/v4l2loopback-"${TAR_v}"}"`
tmp_dir="${tmp_dir:-/tmp}"
mokutil_out_dir="${mokutil_out_dir:-/root/.ssh/mokutil-module-signing}"

sorry, I didn't make it clearly earlier

@2ndBillGates

I build v4l2loopback for this kernel make by another amazing dev on github.
https://github.com/linux-surface/linux-surface/wiki/Camera-Support

@2ndBillGates

2ndBillGates commented May 30, 2022

IDK what happens this time.

When I was using fedora 35, I could install dkms module of (v4l2loopback & nvidia) no problem.

I just clean install fedora 36 yesterday and able to install v4l2loopback & Nvidia module without dkms.
However, when I try to install them from dkms, DKMS does not sign them. and causing insmod not able to know, says: "keys invalid"

back then, in F35, it does automatically sign dkms modules

@Underknowledge
Author

When sharing snippets, try to put them between three backticks; that is much better for readability.

```bash

```

I ll probably do a fresh install this weekend too. Lets see if I can find out where the mess is coming from.
I guess I did some cp wrongly

as a fyi
To the first variables,
I meant them to be overwritten by env vars. quite useful feature of bash.

export build_dir="/usr/src/something"
/root/fedora_v4l2loopback_and_signing.sh 
# or
tmp_dir="/usr/src/somethingelse" /root/fedora_v4l2loopback_and_signing.sh 

Cant really help out with DKMS, Would have used it, if it would work.

@2ndBillGates

2ndBillGates commented May 30, 2022

When sharing snippets try to put them in 3 backslashes, way better for readability.

I ll probably do a fresh install this weekend too. Lets see if I can find out where the mess is coming from. I guess I did some cp wrongly

as a fyi To the first variables, I meant them to be overwritten by env vars. quite useful feature of bash.

export build_dir="/usr/src/something"
/root/fedora_v4l2loopback_and_signing.sh 
# or
tmp_dir="/usr/src/somethingelse" /root/fedora_v4l2loopback_and_signing.sh 

Cant really help out with DKMS, Would have used it, if it would work.

ok my bad, i figure it out how I did wrong.

I just signed the .ko.xz file and thought that would work, which is wrong.
A .ko.xz file is a compressed kernel module, so it cannot be signed as it is.

I have to decompress it, sign the .ko file, and compress it again.

HERE ARE THE STEPS
(1) first install your kernel module normally without dkms but sign is required.

exec fedora_v4l2loopback_and_signing.sh

(2) Initial build with dkms file to produce kernel module files (v4l2loopback.ko.xz)
dkms build -m v4l2loopback -v 0.12.5

(3) sign the kernel module in the DKMS directory </var/lib/dkms/v4l2loopback/kernel-"$(uname -r)"/module>
xz -d *.ko.xz
/usr/src/kernels/"$(uname -r)"/scripts/sign-file sha256 /root/.ssh/mokutil-module-signing/MOK.priv /root/.ssh/mokutil-module-signing/MOK.der *.ko
xz -z *.ko

(4) Finally, install the module to dkms
dkms install -m v4l2loopback -v 0.12.5

(5) check if it's installed already
dkms status

just that simple, took me hours to figure it out. How stupid I am.

@2ndBillGates

Screenshot from 2022-05-31 07-15-39
Everything is working

@Boffice

Boffice commented May 31, 2022

modprobe: FATAL: Module v4l2loopack not found in directory /lib/modules/5.17.11-300.fc36.x86_64

@2ndBillGates

Sorry, I bring bad news. I just fresh install again.

And use that script you post here yesterday.

It does not generate a private key in the directory, it ask me to enroll the key but after reboot and run the script again.

It still says private key not found and generate a new one.

@2ndBillGates

Sorry, I bring bad news. I just fresh install again.

And use that script you post here yesterday.

It does not generate a private key in the directory, it ask me to enroll the key but after reboot and run the script again.

It still says private key not found and generate a new one.

Oh, I think I misunderstood what you were saying yesterday.

When you have issues, try the version from the 13 Feb. and please let me know (the version worked for OE1FEU-DF5JT)

when you said "changelog" and "try the version from 13Feb".

That change log wasn't about the 13Feb but you've updated the original one already.

I try the new one, it works now

my stupid mistake again haha

@Underknowledge
Author

Underknowledge commented May 31, 2022

modprobe: FATAL: Module v4l2loopack not found in directory /lib/modules/5.17.11-300.fc36.x86_64

@Boffice Sorry, that's a little thin when it comes to troubleshooting.
Could you provide the outputs of

uname -r
ls /lib/modules
ls /lib/modules/$(uname -r)
ls /lib/modules/$(uname -r)/extra 

The make command should create a file called /lib/modules/"$(uname -r)"/extra/v4l2loopback.ko.xz

@2ndBillGates
Sorry you lost me, witch one is working now? the current one working fine?
If not provide me the output of mokutil --test-key "${mokutil_out_dir:-/root/.ssh/mokutil-module-signing/MOK.der}"
Key generation apparently working well here on F35

@2ndBillGates

2ndBillGates commented May 31, 2022

@2ndBillGates Sorry you lost me, witch one is working now? the current one working fine? If not provide me the output of mokutil --test-key "${mokutil_out_dir}:-/root/.ssh/mokutil-module-signing/MOK.der" Key generation apparently working well here on F35

yes the current one, working
Current

just that. sometimes mokutil manager is function weird.
MOK imports the key but shim does not boot.

I had that experience back then when I used arch and used mokutil to import my own key.
To make shim works again, had to turn off secure boot to delete the earlier imported key or enroll a new key.

@2ndBillGates

2ndBillGates commented May 31, 2022

modprobe: FATAL: Module v4l2loopack not found in directory /lib/modules/5.17.11-300.fc36.x86_64

@Boffice Sorry, that's a little thin when it comes to troubleshooting. Could you provide the outputs of

uname -r
ls /lib/modules/$(uname -r)
ls /lib/modules/$(uname -r)/extra 

The make command should create a file called /lib/modules/"$(uname -r)"/extra/v4l2loopback.ko.xz

probably, he run the script in older kernel version like5.17.5 and update to 5.17.11. And When he rebooted to the newer kernel, modprobe didn't not find v4l2lookback.

@abuturabofficial

Still getting the same error on F36, kernel version 5.17.11. Ran the script. Rebooted and inserted the key.
What's next?

modprobe: ERROR: could not insert 'v4l2loopback': Key was rejected by service

@Underknowledge
Author

Underknowledge commented Jun 3, 2022

plz provide the output of (expecting that the text changed)

mokutil --test-key /root/.ssh/mokutil-module-signing/MOK.der

when it is not trusted, run these 2 commands to do it manually (try again)

  mokutil --import /root/.ssh/mokutil-module-signing/MOK.der
  # you should see the key 
  mokutil --list-new

@abuturabofficial

abuturabofficial commented Jun 3, 2022

plz provide the output of (expecting that the text changed)

mokutil --test-key /root/.ssh/mokutil-module-signing/MOK.der

when it is not trusted, run these 2 commands to do it manually (try again)

  mokutil --import /root/.ssh/mokutil-module-signing/MOK.der
  # you should see the key 
  mokutil --list-new

Here is the result of the command

SKIP: /root/.ssh/mokutil-module-signing/MOK.der is already enrolled

2nd command where key is imported also shows the same message.
Listing devices shows nothing.

@2ndBillGates

2ndBillGates commented Jun 3, 2022

plz provide the output of (expecting that the text changed)

mokutil --test-key /root/.ssh/mokutil-module-signing/MOK.der

when it is not trusted, run these 2 commands to do it manually (try again)

  mokutil --import /root/.ssh/mokutil-module-signing/MOK.der
  # you should see the key 
  mokutil --list-new

Here is the result of the command

SKIP: /root/.ssh/mokutil-module-signing/MOK.der is already enrolled

2nd command where key is imported also shows the same message. Listing devices shows nothing.

(1) Are you installing v412loopback as a DKMS module?

(2) If you're not doing what (1) says, I recommend to remove the installed modules and run the script again, to make sure the module is signed with the same public and private key.

modprobe -r v4l2loopback

(3) If (2) does not work, remove the enrolled key, removed build&installed modules, remove the created private key and public key, then, run the script again.

modprobe -r v4l2loopback
rm /lib/modules/$(uname -r)/extra/v4l2*.ko.xz
mokutil --delete /root/.ssh/mokutil-module-signing/MOK.der
rm /root/.ssh/mokutil-module-signing -r

(4) if (2) and (3) do not work either, sign the built & installed module manually.

@abuturabofficial

abuturabofficial commented Jun 4, 2022

@2ndBillGates I haven't installed it has dkms as I could only found simple module v412loopbach from copr repo. Is it available as a package, or I should build it from source?

Edit: I don't have much knowledge of kernel modules and how they work.

@2ndBillGates

@2ndBillGates I haven't installed it has dkms as I could only found simple module v412loopbach from copr repo. Is it available as a package, or I should build it from source?

Edit: I don't have much knowledge of kernel modules and how they work.

If you use this script, you shouldn't install module from copr repo, because the script will build from source for you anyway.

Bu normally, the script should also sign your copr module.

You may try uninstall the module which is installed from copr, then run the script again.

@2ndBillGates

You can also try this method first: manually sign the module

First locate your installed v412loopback module

ls "/lib/modules/$(uname -r)/extra"

Does it show anything?

If you find v4l2loopback.ko.xz in there,
Try to use this command

xz -d v4l2loopback.ko.xz

/usr/src/kernels/"$(uname -r)"/scripts/sign-file sha256 /root/.ssh/mokutil-module-signing/MOK.priv /root/.ssh/mokutil-module-signing/MOK.der v4l2loopback.ko

xz -z *.ko

@domrany64

There is no README on this repo, so I have to ask what is the procedure to install v4l2loopback properly?
I'm trying to use the plugin on OBS studio by installing it on Fedora 36 simply using dnf install v4l2loopback
However, after installation, when I try to use it, it throws the error: modprobe: ERROR: could not insert 'v4l2loopback': Key was rejected by service
By searching the web, I found your repo. But I don't know what are the steps!
Saving your script and running it, then reboot the system, and then what?

@cognitus

@2ndBillGates maybe, could you setup a copr repo?

@hhlp

hhlp commented Sep 1, 2022

Related:

Just signed........

umlaeute/v4l2loopback#394 (comment)

Regards.,

@Underknowledge
Author

Underknowledge commented Sep 3, 2022

@domrany64 Well, this is not a repo, it is just a gist, but you're right. should move this to one.
More or less just execute it.
The script checks for certain stuff (Is the module loaded, secure-boot enabled, is there a key, generated from the script and so on) and then does things in the right order.

  • first run it, it will prompt you to do a reboot and enrol the key.
  • After a reboot run it again, it will install the module
  • then optional, run the script with the argument slr_as_webcam when you want to have the module automatically loaded and have 2 devices to be used with OBS.
    Whenever you installed a newer kernel version, you have to rerun the script.

@Boffice

Boffice commented Sep 4, 2022

Hello,
I am running Fedora 36 on Surface-Linux kernel.

uname -r 5.17.12-1.surface.fc36.x86_64
ls /lib/modules/$(uname -r)

bls.conf config kernel modules.alias.bin modules.builtin.alias.bin modules.builtin.modinfo modules.dep.bin modules.order modules.symbols source vmlinuz build extra modules.alias modules.builtin modules.builtin.bin modules.dep modules.devname modules.softdep modules.symbols.bin System.map

ls /lib/modules/$(uname -r)/extra v4l2loopback

Error while running modprobe - modprobe: ERROR: could not insert 'v4l2loopback': Key was rejected by service

Error While Installation:

/usr/src/v4l2loopback-v0.12.7 /home/boffice/tmp/cam rm -f *~ rm -f Module.symvers Module.markers modules.order make -C /lib/modules/uname -r/build M=/usr/src/v4l2loopback-v0.12.7 clean make[1]: Entering directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64' make[1]: *** No rule to make target 'clean'. Stop. make[1]: Leaving directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64' make: *** [Makefile:63: clean] Error 2 Building v4l2-loopback driver... make -C /lib/modules/uname -r`/build M=/usr/src/v4l2loopback-v0.12.7 modules
make[1]: Entering directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'
make[1]: *** No rule to make target 'modules'. Stop.
make[1]: Leaving directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'```
make: *** [Makefile:43: v4l2loopback.ko] Error 2

When you see 
  *** No rule to make target 'clean'.  Stop. 
Probably kernel-headers and kernel do not have the same version… Install, reboot and try again!
otherwise you could try running 'dnf donwgrade gcc' https://ask.fedoraproject.org/t/fedora-34-beta-and-oot-kmod-nvidia-virtualbox-v4l2loopback-etc/12778

[info] Cert Password:
[info] 8c2c882e4c6e
make -C /lib/modules/uname -r/build M=/usr/src/v4l2loopback-v0.12.7 modules_install
make[1]: Entering directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'
make[1]: *** No rule to make target 'modules_install'. Stop.
make[1]: Leaving directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'
make: *** [Makefile:47: install] Error 2
v4l2loopback
[info] Now Manually singing
[warn] there might be no file to sign. Please check /lib/modules/5.17.12-1.surface.fc36.x86_64/extra/v4l2loopback
[info] Cert Password:
[info] 8c2c882e4c6e
./key.sh: line 74: /usr/src/kernels/5.17.12-1.surface.fc36.x86_64/scripts/sign-file: No such file or directory
./key.sh: line 75: /usr/src/kernels/5.17.12-1.surface.fc36.x86_64/scripts/sign-file: No such file or directory
[info] finished signing_ko
/home/boffice/tmp/cam
modprobe: ERROR: could not insert 'v4l2loopback': Key was rejected by service
filename: /lib/modules/5.17.12-1.surface.fc36.x86_64/extra/v4l2loopback/v4l2loopback.ko.xz
license: GPL
author: Vasily Levin, IOhannes m zmoelnig zmoelnig@iem.at,Stefan Diewald,Anton Novikovet al.
description: V4L2 loopback video device
rhelversion: 9.99
depends: videodev
retpoline: Y
name: v4l2loopback
vermagic: 5.17.12-1.surface.fc36.x86_64 SMP preempt mod_unload
parm: debug:debugging level (higher values == more verbose) (int)
parm: max_buffers:how many buffers should be allocated (int)
parm: max_openers:how many users can open loopback device (int)
parm: devices:how many devices should be created (int)
parm: video_nr:video device numbers (-1=auto, 0=/dev/video0, etc.) (array of int)
parm: card_label:card labels for every device (array of charp)
parm: exclusive_caps:whether to announce OUTPUT/CAPTURE capabilities exclusively or not (array of bool)
parm: max_width:maximum frame width (int)
parm: max_height:maximum frame height (int)

@2ndBillGates

Hello, I am running Fedora 36 on Surface-Linux kernel.

uname -r 5.17.12-1.surface.fc36.x86_64 ls /lib/modules/$(uname -r)
bls.conf config kernel modules.alias.bin modules.builtin.alias.bin modules.builtin.modinfo modules.dep.bin modules.order modules.symbols source vmlinuz build extra modules.alias modules.builtin modules.builtin.bin modules.dep modules.devname modules.softdep modules.symbols.bin System.map

ls /lib/modules/$(uname -r)/extra v4l2loopback

Error while running modprobe - modprobe: ERROR: could not insert 'v4l2loopback': Key was rejected by service

Error While Installation:

/usr/src/v4l2loopback-v0.12.7 /home/boffice/tmp/cam rm -f *~ rm -f Module.symvers Module.markers modules.order make -C /lib/modules/uname -r/build M=/usr/src/v4l2loopback-v0.12.7 clean make[1]: Entering directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64' make[1]: *** No rule to make target 'clean'. Stop. make[1]: Leaving directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64' make: *** [Makefile:63: clean] Error 2 Building v4l2-loopback driver... make -C /lib/modules/uname -r`/build M=/usr/src/v4l2loopback-v0.12.7 modules
make[1]: Entering directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'
make[1]: *** No rule to make target 'modules'. Stop.
make[1]: Leaving directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'```
make: *** [Makefile:43: v4l2loopback.ko] Error 2

When you see 
  *** No rule to make target 'clean'.  Stop. 
Probably kernel-headers and kernel do not have the same version… Install, reboot and try again!
otherwise you could try running 'dnf donwgrade gcc' https://ask.fedoraproject.org/t/fedora-34-beta-and-oot-kmod-nvidia-virtualbox-v4l2loopback-etc/12778

[info] Cert Password:
[info] 8c2c882e4c6e
make -C /lib/modules/uname -r/build M=/usr/src/v4l2loopback-v0.12.7 modules_install
make[1]: Entering directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'
make[1]: *** No rule to make target 'modules_install'. Stop.
make[1]: Leaving directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'
make: *** [Makefile:47: install] Error 2
v4l2loopback
[info] Now Manually singing
[warn] there might be no file to sign. Please check /lib/modules/5.17.12-1.surface.fc36.x86_64/extra/v4l2loopback
[info] Cert Password:
[info] 8c2c882e4c6e
./key.sh: line 74: /usr/src/kernels/5.17.12-1.surface.fc36.x86_64/scripts/sign-file: No such file or directory
./key.sh: line 75: /usr/src/kernels/5.17.12-1.surface.fc36.x86_64/scripts/sign-file: No such file or directory
[info] finished signing_ko
/home/boffice/tmp/cam
modprobe: ERROR: could not insert 'v4l2loopback': Key was rejected by service
filename: /lib/modules/5.17.12-1.surface.fc36.x86_64/extra/v4l2loopback/v4l2loopback.ko.xz
license: GPL
author: Vasily Levin, IOhannes m zmoelnig zmoelnig@iem.at,Stefan Diewald,Anton Novikovet al.
description: V4L2 loopback video device
rhelversion: 9.99
depends: videodev
retpoline: Y
name: v4l2loopback
vermagic: 5.17.12-1.surface.fc36.x86_64 SMP preempt mod_unload
parm: debug:debugging level (higher values == more verbose) (int)
parm: max_buffers:how many buffers should be allocated (int)
parm: max_openers:how many users can open loopback device (int)
parm: devices:how many devices should be created (int)
parm: video_nr:video device numbers (-1=auto, 0=/dev/video0, etc.) (array of int)
parm: card_label:card labels for every device (array of charp)
parm: exclusive_caps:whether to announce OUTPUT/CAPTURE capabilities exclusively or not (array of bool)
parm: max_width:maximum frame width (int)
parm: max_height:maximum frame height (int)

I'm also using fedora 36 and surface kernel

It appears that your module is still not signed yet. also you don't have the sign-file script in your system.
./key.sh: line 74: /usr/src/kernels/5.17.12-1.surface.fc36.x86_64/scripts/sign-file: No such file or directory
Have you installed package kernel-surface-devel yet?

once you're installed try to manual sign the module with the step I provided above.
I had posted more details in this thread as well, look it up.

@2ndBillGates

Also, if you want to install module to Surface Kernel. check this out
https://github.com/linux-surface/linux-surface/issues/803#issuecomment-1128410963

@2ndBillGates

sorry for the broken link
Here
