I'm having trouble loading ec_sys kernel module (in-tree, under drivers/acpi) that I myself compiled and signed. I'm running Debian 11 with Secure Boot, kernel 5.10.0-14-amd64.
Disclaimer: Please bear in mind that this the very first time I touched kernel code so I realize the things I'm doing are probably 'hacky' at best and perhaps just plain wrong. Any advice is appreciated.
In short, the problem is that when I run
Code: Select all
sudo modprobe -f ec_sys
dmesg yields the following:modprobe: ERROR: could not insert 'ec_sys': Operation not permitted
I did some research on kernel lockdown and as far as I know all that would be fine, if that were an unsigned module, but I did actually sign it following Debian's official documentation on Secure Boot:Lockdown: modprobe: unsigned module loading is restricted; see man kernel_lockdown.7
https://wiki.debian.org/SecureBoot
I figured that I must be doing something terribly wrong regarding the module compilation, because I think the signing process is pretty straightforward and I had no trouble grasping it - which I can't really say about building the module.
Consequently, below are the steps I performed to build the module prior to enrolling MOK and the signing process.
With help from https://kernel-team.pages.debian.net/ke ... tasks.html:
Code: Select all
# Got the source code
apt source linux
cd linux-5.10.113
# Generate .config
make localmodconfig
# Enable ec_sys in menuconfig (or just set CONFIG_ACPI_EC_DEBUGFS=m in .config)
make menuconfig
# Prepare modules
make modules_prepare
# Build acpi modules as they're the only ones of interest to me
make modules M=drivers/acpi
As a consequence, running modprobe without -f flag causes this error to appear instead of the originally mentioned one:WARNING: Symbol version dump "Module.symvers" is missing. Modules may not have dependencies or modversions.
MODPOST drivers/acpi/Module.symvers
WARNING: modpost: Symbol info of vmlinux is missing. Unresolved symbol check will be entirely skipped.
If I understand it correctly, getting rid of that error would require compilation of the entire kernel which is something I would like to avoid, thus the (possibly temporary) force solution.modprobe: ERROR: could not insert 'ec_sys': Exec format error
Afterwards I copied to module to /lib/modules/$(uname -r), enrolled new MOK and signed the module.
That would be all. As I said, any advice is appreciated.