Some problem as described here:
The modules installed by virtualbox-kmp-default (repo-oss) are already signed, but cannot be loaded:
/sbin/modinfo /lib/modules/6.12.0-160000.28-default/updates/vboxvideo.ko
filename: /lib/modules/6.12.0-160000.28-default/updates/vboxvideo.ko
version: 7.2.6 r172322
license: GPL and additional rights
description: $(VBOX_VENDOR_SHORT) VirtualBox Graphics Card
author: Oracle and/or its affiliates
suserelease: SLFO-1.2
srcversion: 641BD6D3D9054DDFA5172FE
alias: pci:v000080EEd0000BEEFsv*sd*bc*sc*i*
depends: ttm,drm_ttm_helper
supported: no
name: vboxvideo
retpoline: Y
vermagic: 6.12.0-160000.28-default SMP preempt mod_unload modversions
sig_id: PKCS#7
signer: openSUSE Secure Boot CA
sig_key: FA:BE:D8:BF:40:9A:5E:66
sig_hashalgo: sha256
signature: 38:8C:80:8B:02:03:6B:F0:89:D7:4D:16:5E:E6:15:C9:F6:33:22:5F:
6C:CD:76:99:13:FD:55:06:46:A9:8E:C5:45:5E:EB:00:AF:B3:7C:11:
61:19:AD:48:D0:1E:4D:2E:EB:7C:9D:33:1A:74:08:F2:2F:50:2E:AB:
E9:E8:82:F6:80:76:D3:4C:4D:06:E8:5A:28:25:6B:AF:A3:A8:1A:6F:
B3:79:C0:33:5B:04:77:0F:B9:A2:48:75:95:36:EA:E7:AF:15:05:30:
A2:2D:D2:46:97:74:61:52:BC:8E:B9:AA:B4:DA:5D:6E:39:89:99:7E:
33:75:C2:1B:6D:3E:13:64:33:23:CB:1F:EC:41:43:1D:62:B0:93:8B:
2B:B4:4C:60:46:01:F3:94:7C:B7:37:3E:27:A2:51:90:4B:D0:6F:9B:
C6:E5:D5:2D:F0:78:C1:FD:40:05:08:FE:A7:BD:3B:74:68:8D:7E:18:
6A:04:44:C1:2F:43:1E:B7:39:71:19:9E:27:B3:37:F3:18:07:3D:1F:
90:7C:AF:C5:85:D2:00:D1:23:70:A4:07:DA:2D:9D:70:3E:F3:FC:E3:
07:DC:87:A6:88:38:19:1F:FF:95:E5:52:4A:F0:3E:5B:D1:39:02:1D:
40:EF:FB:6B:76:15:A8:78:9E:A7:77:A8:11:DB:AA:1B
parm: disabled:Disable automatic module loading (int)
parm: modeset:Disable/Enable modesetting (int)
insmod: ERROR: could not insert module /lib/modules/6.12.0-160000.28-default/updates/vboxvideo.ko: Key was rejected by service
The package openSUSE-signkey-cert is already installed and the certificate has successfully been enrolled by mokutil:
[key 9]
Owner: 605dab50-e046-4300-abb6-3dd810dd8b23
SHA1 Fingerprint: 1f:67:32:97:da:56:8a:e0:de:df:db:7c:8c:c6:8f:9e:cb:85:72:75
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
fa:be:d8:bf:40:9a:5e:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=openSUSE Secure Boot CA, C=DE, L=Nuremberg, O=openSUSE Project/emailAddress=build@opensuse.org
Validity
Not Before: Jun 13 13:22:16 2022 GMT
Not After : Apr 21 13:22:16 2032 GMT
Subject: CN=openSUSE Secure Boot Signkey, C=DE, L=Nuremberg, O=openSUSE Project/emailAddress=build@opensuse.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b2:29:40:7e:ad:9f:73:5e:44:6a:e4:56:0a:f3:
6e:7a:05:49:68:3f:b2:4f:13:41:82:3d:dd:80:c4:
f1:cb:11:06:48:fd:a5:90:19:0e:91:7d:da:6e:98:
ee:97:e1:43:90:bc:78:e5:30:c0:19:91:c6:3f:dc:
29:e0:af:a3:d8:41:84:dd:fd:90:19:cf:d1:4d:1f:
1f:97:84:e5:64:81:93:6f:87:d8:34:f9:4d:e1:8a:
87:7e:69:c6:a3:d4:5c:6c:b3:e7:01:6d:21:d5:46:
94:37:92:3b:e5:ef:15:bf:36:49:ed:8c:48:98:67:
04:ed:00:1c:c3:f4:8d:da:a6:f0:ce:95:3b:03:95:
79:86:fd:f5:84:c9:70:24:69:82:59:8c:86:59:2a:
ca:d0:a0:86:60:0b:5d:d9:fc:01:c2:39:73:0b:88:
9e:47:83:1b:29:ec:8d:82:66:81:a0:0e:5a:1e:95:
97:60:f5:1e:f0:b3:27:66:d5:13:0f:31:df:8e:9b:
b7:40:0a:cd:2f:22:31:8a:49:e5:30:cb:59:f5:79:
eb:92:fa:2d:35:6a:9e:2d:48:3c:67:e9:a4:3b:4e:
77:d2:fb:a1:cf:ff:4a:e7:c6:31:6a:69:61:3f:05:
04:38:c3:aa:e3:52:9d:78:7c:d1:01:3e:bd:61:d5:
17:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
FD:9F:2C:12:E5:99:D6:7C:C7:F9:06:75:41:AD:F4:26:B7:12:46:9E
X509v3 Authority Key Identifier:
keyid:68:42:60:0D:E2:2C:4C:47:7E:95:BE:23:DF:EA:95:13:E5:97:17:62
DirName:/CN=openSUSE Secure Boot CA/C=DE/L=Nuremberg/O=openSUSE Project/emailAddress=build@opensuse.org
serial:01
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
Code Signing
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
5b:93:17:61:67:e9:2b:4a:f2:54:30:5d:5c:63:cb:5a:93:91:
80:a8:7a:25:3e:27:4b:bb:d4:e4:15:b9:7d:7d:43:21:cd:1f:
84:4f:6a:3e:6c:70:31:7e:f8:3a:35:d9:df:9d:b4:35:f5:75:
8e:b0:20:fd:d9:b2:cd:41:ae:e2:9c:af:99:37:d1:6f:05:f0:
78:39:c6:d6:dd:f3:6f:43:d4:d6:7b:5f:cd:18:6d:c2:77:d0:
1a:6d:74:78:80:99:34:a4:f0:c6:9f:43:f5:c6:ba:8c:83:f4:
a5:02:57:8a:54:52:05:2a:99:a7:0d:29:34:13:de:5f:91:41:
f3:b0:c1:26:70:e4:a6:cc:55:ec:5a:f3:47:e5:e3:21:9c:05:
7c:11:8d:79:cc:90:74:20:62:09:7b:46:51:4e:de:0d:32:aa:
b4:84:cb:d1:6c:f0:27:5f:21:78:52:ac:97:0b:5c:a0:44:a2:
eb:14:92:8e:c5:43:b2:4d:20:c8:bc:5b:1a:50:09:cb:45:5e:
11:bd:58:86:52:55:6e:f6:62:09:c1:18:ab:95:be:53:e4:b7:
d7:cd:3b:53:eb:33:d6:70:7e:cc:0c:9c:ec:91:11:26:04:87:
c0:f2:b4:d9:5c:0d:95:8f:bd:e7:9f:15:f7:92:e4:a7:e1:99:
45:23:49:10
For me it looks like the serial number of the enrolled key does slightly differ from the sig_key field in the modinfo output:
- Serial number of enrolled key (by
mokutil --list-enrolled): fa:be:d8:bf:40:9a:5e:65 sig_keyfield (bymodinfo): FA:BE:D8:BF:40:9A:5E:66
Is the serial number important? How can I further debug the reason why the VirtualBox modules cannot be loaded?
If course I could try installing VirtualBox from the virtualization repo, but I would expect that the released version also works.