Fixing 'ERROR: could not insert v4l2loopback: Key was rejected by service' when using linux-surface on Debian 11
I’m not sure exactly why, but a change in the way the Linux kernel handled some signed modules when the system uses SecureBoot (at least, something like that) meant that the cameras on my Surface stopped working.
The cameras aren’t amazing at the moment, but they are far better than having no camera at all.
Digging into the kernel.log, I see:
ERROR: could not insert 'v4l2loopback': Key was rejected by service
To fix it, you need to create and enroll a MOK key, then use it to sign the module. And, fortunately, that is easier that it sounds.
Create your own MOK keys
sudo openssl req -new -x509 -nodes -days 36500 -subj "/CN=DKMS modules"
-newkey rsa:2048 -keyout /root/mok.priv
-outform DER -out /root/mok.der
(This creates a key valid for 100 years.)
Configure dkms to use them to sign modules
Uncomment line sign_tool="/etc/dkms/sign_helper.sh" in /etc/dkms/framework.conf.
Enroll your MOK key:
mokutil --import /root/mok.der
It asks you for a password. Don’t worry; this means create a password, which you will use for MOK enrollment. (This stumped me for a bit.)
Reboot your computer and go through the UI for enrolling a MOK key. You’ll need the password you created earlier.
Install (and sign) v4l2loopback
With the MOK key enrolled, you can try to get v4l2loopback working again.
First, remove it (or check you have already removed it):
sudo apt remove v4l2loopback-dkms -y
Check if a directory v4l2loopback exists in /var/lib/dkms.
If so, remove it:
sudo dkms remove v4l2loopback/0.12.5 --all
(0.12.5 was the version I had; yours might differ.)
In doing this, it automatically deleted the directory, but if not (as indicated in one of the many posts I read, you might need to do it manually, with rm -r /var/lib/dkms/v4l2loopback/).
Then reinstall it:
sudo apt install v4l2loopback-dkms -y
It should be signed as part of the installation.
Test loading it with modprobe:
sudo modprobe v4l2loopback video_nr=42 card_label="virtualcam" exclusive_caps=1
If you don’t get an error, the kernel module has been loaded.
You may also like:
- There is no i in Teams. And rarely a Neil
- Working front and rear cameras on Debian 11 on a Surface Pro 6, SurfaceBook 2, and Surface Go
- PinePhone (Pro) keyboard case v. Planet Gemini v GPD Pocket 2: a photo comparison
- Installing Debian 11 on a Microsoft Surface Go: secure boot, mokutil, Wi-Fi, and libinih1
- Changing a (known) LUKS passphrase
- Brave browser: less privacy-respectful than I was expecting
- YouTube (and other video sites) without the irritations: integrating yt-dlp and jellyfin, with a web interface
- Adjusting the scroll speed of an Apple Magic Mouse on Debian 11
- Microsoft Surface Pro with Debian 11 Bullseye: emulating right-click on Type Cover trackpad
- Moving from macOS to Debian 11 Bullseye Linux: applications
- This one simple hack solved my Debian 11 Bluetooth audio problems
- Aztine 15.6 Portable Monitor with Debian 11 on a Surface Pro 6
- Auto-unlocking a LUKS volume on an SD card on boot with Debian 11 Bullseye
- Making a Mac Mini power up when power is restored: Debian 11 version
- Installing Debian 10 Linux on a Microsoft Surface Pro 6