help: how to load kernel module without disable the lockdown

[zhuizhuhaomeng]

We need to load the kernel module developed by ourselves.
But when we can not load the module by insmod cmd, the error message is:

insmod: ERROR: could not insert module lkm_example.ko: Operation not permitted

I have tried to sign the kernel module, but mokutil returns error:

$ mokutil --import MOK.der
EFI variables are not supported on this system

I really appreciate any help you can provide.

[elsaco]

@zhuizhuhaomeng to use mokutil the system must be booted in uefi mode. Check if /sys/firmware/efi is present.

[zhuizhuhaomeng]

@elsaco there are not /sys/firmware/efi present.
Are there any way to load my own ko?

[mfrw]

/cc @christopherco

[zcobol]

@zhuizhuhaomeng the answer is here #4797 (comment)

Sample run:

zcobol@mariner [ ~/test ]$ mokutil --sb-state
SecureBoot enabled
zcobol@mariner [ ~/test ]$ sudo dmesg -C
zcobol@mariner [ ~/test ]$ sudo insmod hello-world.ko 
zcobol@mariner [ ~/test ]$ sudo dmesg
[ 1945.757062] Hello world
zcobol@mariner [ ~/test ]$ lsmod | grep hello
hello_world            16384  0
zcobol@mariner [ ~/test ]$ sudo rmmod hello_world
zcobol@mariner [ ~/test ]$ sudo dmesg
[ 1945.757062] Hello world
[ 1977.632256] bye bye kernel