Hi, Christian wrote: > [ 47.042454] Lockdown: Xorg: raw io port access is restricted; see man > kernel_lockdown.7 > I think it's still SecureBoot, but what is it this time? Can anyone help
At least the above log snippet seems to be related to SecureBoot. In https://manpages.debian.org/bookworm/manpages/kernel_lockdown.7.en.html i see "On an EFI-enabled x86 or arm64 machine, lockdown will be automatically enabled if the system boots in EFI Secure Boot mode. Coverage When lockdown is in effect, a number of features are disabled or have their use restricted. This includes special device files and kernel services that allow direct access of the kernel image:" [...] NOTES The Kernel Lockdown feature is enabled by CONFIG_SECURITY_LOCKDOWN_LSM. The lsm=lsm1,...,lsmN command line parameter controls the sequence of the initialization of Linux Security Modules. It must contain the string lockdown to enable the Kernel Lockdown feature. If the command line parameter is not specified, the initialization falls back to the value of the deprecated security= command line parameter and further to the value of CONFIG_LSM." So i guess you have to look into your boot configuration for kernel parameter "lockdown". On https://bbs.archlinux.org/viewtopic.php?id=290866 i see this statement by espritlibre: "Re: Secure boot and Nvidia i have secure boot enabled, but lockdown disabled (for another reason). loading the nvidia module does taint the kernel, but loads and work just fine with prime-run on a hybrid systme. i'm not signing OOT modules, just kernel and efi stuff." (Whatever "prime-run" might be ...) Have a nice day :) Thomas
