Problems with secureboot

I’m using the latest version of Kicksecure, today I installed the update, after which I received a notification,

1836×333 44.4 KB

2830×583 63.6 KB

3684×165 14.6 KB

I did everything according to the instructions, clicked reset secure boot mok, then I rebooted the computer and clicked enroll secure boot mok. then I checked the sudo mokutil --list-enrolled | grep DKMS received the message Subject: CN=DKMS module signing key After adding the key, I still get the message I did everything according to the instructions, clicked reset secure boot mok, then I rebooted the computer and clicked enroll secure boot mok. then I checked the sudo mokutil --list-enrolled | grep DKMS received the message Subject: CN=DKMS module signing key After adding the key, I still get the message

failed-to-start-systemd-modules-load-service-load-kernel-v0-tjppa9iez4pc1-26721681391080×194 20.1 KB

To investigate, please consider running the following command and posting the output here.

sudo journalctl -b --no-pager -u systemd-modules-load.service

(As per Daemon Log View.)

% sudo journalctl -b --no-pager -u systemd-modules-load.service
[sudo] пароль для user:
Feb 01 09:59:41 localhost systemd-modules-load[384]: Module ‘jitterentropy_rng’ is built in
Feb 01 09:59:42 localhost systemd-modules-load[384]: Failed to insert module ‘tirdad’: Key was rejected by service
Feb 01 09:59:42 localhost systemd-modules-load[384]: Inserted module ‘msr’
Feb 01 09:59:42 localhost systemd[1]: systemd-modules-load.service: Main process exited, code=exited, status=1/FAILURE
Feb 01 09:59:42 localhost systemd[1]: systemd-modules-load.service: Failed with result ‘exit-code’.
Feb 01 09:59:42 localhost systemd[1]: Failed to start systemd-modules-load.service - Load Kernel Modules.
Feb 01 09:59:56 localhost systemd-modules-load[1145]: Module ‘jitterentropy_rng’ is built in
Feb 01 09:59:56 localhost systemd-modules-load[1145]: Inserted module ‘tirdad’
Feb 01 09:59:56 localhost systemd[1]: Finished systemd-modules-load.service - Load Kernel Modules.
[user ~]%

In a sysmaint session, could you run sudo /usr/sbin/rebuild-dkms-modules and share the output here? This looks like the DKMS modules didn’t get rebuild after the new key was enrolled.

Feb 01 09:59:41 localhost systemd-modules-load[384]: Module ‘jitterentropy_rng’ is built in
Feb 01 09:59:42 localhost systemd-modules-load[384]: Failed to insert module ‘tirdad’: Key was rejected by service
Feb 01 09:59:42 localhost systemd-modules-load[384]: Inserted module ‘msr’
Feb 01 09:59:42 localhost systemd[1]: systemd-modules-load.service: Main process exited, code=exited, status=1/FAILURE
Feb 01 09:59:42 localhost systemd[1]: systemd-modules-load.service: Failed with result ‘exit-code’.
Feb 01 09:59:42 localhost systemd[1]: Failed to start systemd-modules-load.service - Load Kernel Modules.
Feb 01 09:59:56 localhost systemd-modules-load[1145]: Module ‘jitterentropy_rng’ is built in
Feb 01 09:59:56 localhost systemd-modules-load[1145]: Inserted module ‘tirdad’
Feb 01 09:59:56 localhost systemd[1]: Finished systemd-modules-load.service - Load Kernel Modules.

I think those are the same logs you shared earlier. I was asking for the output of a different command.

rebuild-dkms-modules [NOTICE]: Rebuilding DKMS modules…
rebuild-dkms-modules [NOTICE]: DKMS module status info: name: ‘tirdad/0.1’, kernel: ‘6.12.57+deb13-amd64’, status: ‘installed’
rebuild-dkms-modules [NOTICE]: Rebuilding DKMS module ‘tirdad/0.1’ for kernel ‘6.12.57+deb13-amd64’…
Sign command: /lib/modules/6.12.57+deb13-amd64/build/scripts/sign-file
Signing key: /var/lib/dkms/mok.key
Public certificate (MOK): /var/lib/dkms/mok.pub

Building module(s)… done.
Signing module /var/lib/dkms/tirdad/0.1/build/module/tirdad.ko
Module tirdad/0.1 for kernel 6.12.57+deb13-amd64 (x86_64):
Before uninstall, this module version was ACTIVE on this kernel.
Deleting /lib/modules/6.12.57+deb13-amd64/updates/dkms/tirdad.ko.xz
Running depmod… done.

Installing /lib/modules/6.12.57+deb13-amd64/updates/dkms/tirdad.ko.xz
Running depmod… done.
rebuild-dkms-modules [NOTICE]: Successfully rebuilt DKMS module ‘tirdad/0.1’ for kernel ‘6.12.57+deb13-amd64’.
rebuild-dkms-modules [NOTICE]: DKMS module status info: name: ‘tirdad/0.1’, kernel: ‘6.12.63+deb13-amd64’, status: ‘installed’
rebuild-dkms-modules [NOTICE]: Rebuilding DKMS module ‘tirdad/0.1’ for kernel ‘6.12.63+deb13-amd64’…
Sign command: /lib/modules/6.12.63+deb13-amd64/build/scripts/sign-file
Signing key: /var/lib/dkms/mok.key
Public certificate (MOK): /var/lib/dkms/mok.pub

Building module(s)… done.
Signing module /var/lib/dkms/tirdad/0.1/build/module/tirdad.ko
Module tirdad/0.1 for kernel 6.12.63+deb13-amd64 (x86_64):
Before uninstall, this module version was ACTIVE on this kernel.
Deleting /lib/modules/6.12.63+deb13-amd64/updates/dkms/tirdad.ko.xz
Running depmod… done.

Installing /lib/modules/6.12.63+deb13-amd64/updates/dkms/tirdad.ko.xz
Running depmod… done.
rebuild-dkms-modules [NOTICE]: Successfully rebuilt DKMS module ‘tirdad/0.1’ for kernel ‘6.12.63+deb13-amd64’.
rebuild-dkms-modules [NOTICE]: Done rebuilding DKMS modules.

Hmm, that looks like it worked. Does the issue still occur if you reboot again?

Also received this error after updating - ran command to rebuild DKMS module as suggested above and all good after reboot.

I guess this means either the documentation or the code has a bug when it comes to rebuilding DKMS modules after making a new key. Will investigate further

The problem remains, please help fix it.

I have little experience. Can you tell us in detail what you did? Did you reinstall the key?

yes - ran “sudo /usr/sbin/rebuild-dkms-modules" as suggested above.

Can you try running sudo dracut --force and see if that fixes it? Maybe kernel modules are being embedded into the initramfs and failing to load, but then successfully loading once the system fully boots. If so, that command should fix the issue.