BCM4352 driver for current kernels

After upgrading some Lenovo Yoga 3 Pro 1370 laptops from Leap-15.1 to 15.2 (zypper dup and a clean install from iso image), I can only enable the Brodcom wireless module by reverting to the Leap-15.1 kernel-default and broadcom-wl-kmp packages.

I have tried Packnan, Sauerland and my own rebuild of the broadcom-wl package with the kernel-default versions 4.12.14-lp151.28.91.1, 5.3.18-lp152.63.1 and 5.11.0-2.1.gc2f4372

I would really appreciate suggestions to getting these machines working with the Leap-16.2-update kernels.

Booting Leap-15.2 with its own kernel


yoga3:~ # 
yoga3:~ # uname -sr
Linux 5.3.18-lp152.63-default

yoga3:~ # zypper se -si broadcom-wl
Loading repository data...
Reading installed packages...

S  | Name                    | Type    | Version                                    | Arch   | Repository
---+-------------------------+---------+--------------------------------------------+--------+---------------
i+ | broadcom-wl             | package | 6.30.223.271-lp152.129.16                  | x86_64 | 15.2-sauerland
i+ | broadcom-wl-kmp-default | package | 6.30.223.271_k5.3.18_lp152.63-lp152.129.16 | x86_64 | 15.2-sauerland

yoga3:~ # modprobe wl
modprobe: ERROR: could not insert 'wl': Operation not permitted

yoga3:~ # inxi -n
Network:   Device-1: Broadcom BCM4352 802.11ac Wireless Network Adapter driver: N/A 
           Device-2: ASIX AX88772 type: USB driver: asix 
           IF: eth0 state: up speed: 100 Mbps duplex: full mac: 00:0e:c6:cd:12:5b 

yoga3:~ # ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0e:c6:cd:12:5b brd ff:ff:ff:ff:ff:ff
yoga3:~ # 

Booting Leap-15.2 using the last 15.1 kernel and the ethernet cable unplugged. This is from this machine as I am writing this post…


yoga3:~ # uname -sr
Linux 4.12.14-lp151.28.91-default

yoga3:~ # zypper se -si broadcom-wl
Loading repository data...
Reading installed packages...

S  | Name                    | Type    | Version                                       | Arch   | Repository
---+-------------------------+---------+-----------------------------------------------+--------+---------------
i+ | broadcom-wl             | package | 6.30.223.271-lp152.129.16                     | x86_64 | 15.2-sauerland
i+ | broadcom-wl-kmp-default | package | 6.30.223.271_k4.12.14_lp151.28.91-pm151.14.14 | x86_64 | 15.1-packman

yoga3:~ # modprobe wl

yoga3:~ # inxi -n
Network:   Device-1: Broadcom BCM4352 802.11ac Wireless Network Adapter driver: wl 
           IF: wlan0 state: up mac: b0:10:41:f3:87:81 
           Device-2: ASIX AX88772 type: USB driver: asix 
           IF: eth0 state: down mac: 00:0e:c6:cd:12:5b 

yoga3:~ # ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:0e:c6:cd:12:5b brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DORMANT group default qlen 1000
    link/ether b0:10:41:f3:87:81 brd ff:ff:ff:ff:ff:ff
yoga3:~ #

Active repositories


yoga3:~ # zypper lr -Eu
Repository priorities are without effect. All enabled repositories share the same priority.

#  | Alias                   | Name                    | Enabled | GPG Check | Refresh | URI
---+-------------------------+-------------------------+---------+-----------+---------+-------------------------------------------------------------------------------------
 1 | 15.1-packman            | 15.1-packman            | Yes     | (r ) Yes  | Yes     | http://ftp.gwdg.de/pub/linux/packman/suse/openSUSE_Leap_15.1/
 2 | 15.2-oss                | 15.2-oss                | Yes     | (r ) Yes  | Yes     | http://download.opensuse.org/distribution/leap/15.2/repo/oss/
 3 | 15.2-packman            | 15.2-packman            | Yes     | (r ) Yes  | Yes     | http://ftp.gwdg.de/pub/linux/packman/suse/openSUSE_Leap_15.2/
 4 | 15.2-sauerland          | 15.2-sauerland          | Yes     | (r ) Yes  | Yes     | http://download.opensuse.org/repositories/home:/Sauerland/openSUSE_Leap_15.2_Update/
 5 | 15.2-update-oss         | 15.2-update-oss         | Yes     | (r ) Yes  | Yes     | http://download.opensuse.org/update/leap/15.2/oss
 6 | kernel-stable           | kernel-stable           | Yes     | (r ) Yes  | Yes     | http://download.opensuse.org/repositories/Kernel:/stable/standard/
18 | sauerland-kernel_stable | sauerland-kernel_stable | Yes     | (r ) Yes  | Yes     | http://download.opensuse.org/repositories/home:/Sauerland/Kernel_stable/
yoga3:~ # 

Is secureboot disabled?

I have
Yast2 > System > Boot Loader > Boot Code Okernel-default-5.3.18-lp152.63.1.x86_64ptions
and disabled “Enable Secure Boot Support” (it had been enabled)
Then trebooted using each of kernel-default-5.3.18-lp152.63.1.x86_64 and kernel-default-4.12.14-lp151.28.91.1.x86_64, together with the appropriate wl-kmp package.
Only the 4.12.14 kernel loads the wl driver.

secureboot in the Bios/UEFI

Vielen Dank

I disabled secure boot in the Bios. The wl driver loads and the network connects.
Can anyone explain why secure boot would prevent a kernel module from loading, but not for earlier kernels or other modules?


yoga3:~ # uname -sr                
Linux 5.3.18-lp152.63-default
yoga3:~ # zypper se -si broadcom-wl
Loading repository data...
Reading installed packages...

S  | Name                    | Type    | Version                                    | Arch   | Repository
---+-------------------------+---------+--------------------------------------------+--------+---------------
i+ | broadcom-wl             | package | 6.30.223.271-lp152.129.16                  | x86_64 | 15.2-sauerland
i+ | broadcom-wl-kmp-default | package | 6.30.223.271_k5.3.18_lp152.63-lp152.129.16 | x86_64 | 15.2-sauerland
yoga3:~ # inxi -n
Network:   Device-1: Broadcom BCM4352 802.11ac Wireless Network Adapter driver: wl 
           IF: wlan0 state: up mac: b0:10:41:f3:87:81 
           Device-2: ASIX AX88772 type: USB driver: asix 
           IF: eth0 state: down mac: 00:0e:c6:cd:12:5b 
yoga3:~ # ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:0e:c6:cd:12:5b brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DORMANT group default qlen 1000
    link/ether b0:10:41:f3:87:81 brd ff:ff:ff:ff:ff:ff
yoga3:~ # 

Maybe there was a key in from an old Repo in the EFI?
And the new one has a new key?

Module signature checking was turned on for 5.3 kernels (and later kernels).

Oops yes, not thinking about that…

Does that mean that only openSUSE signed kernel modules will work in secure boot mode with current kernels?

Also what is the point of the “Enable Secure Boot Support” option in YaST’s Boot Loader settings?

https://en.opensuse.org/openSUSE:UEFI
https://doc.opensuse.org/documentation/leap/reference/html/book-opensuse-reference/cha-uefi.html

There are ways of enrolling your own key and signing the modules yourself. See the links in the comment just before this.

Also what is the point of the “Enable Secure Boot Support” option in YaST’s Boot Loader settings?

This sets up booting so that you will still be able to boot if you enable secure-boot in the BIOS. Or, in more detail, with “Enable Secure Boot Support” then booting uses “shim”. If you don’t enable it, then booting uses grub directly without “shim”. Here “shim” (really “shim.efi”) is the software that handles secure boot validation (signature checking, etc).