Lockout setting problem in kernel 6.5.13-3-pve

T

thelogh

New Member
Jan 22, 2024
14
3
3
I need to set the lockdown parameter of the 6.5.13-3-pve kernel (I haven't tried on others) to "none" to use the "blktrace -a discard -d /dev/sda" command, because it currently gives me this error :
Thread 1 failed open /sys/kernel/debug/block/sda/trace1: 1/Operation not permitted
Thread 3 failed open /sys/kernel/debug/block/sda/trace3: 1/Operation not permitted
Thread 0 failed open /sys/kernel/debug/block/sda/trace0: 1/Operation not permitted
Thread 2 failed open /sys/kernel/debug/block/sda/trace2: 1/Operation not permitted
FAILED to start thread on CPU 0: 1/Operation not permitted
FAILED to start thread on CPU 1: 1/Operation not permitted
FAILED to start thread on CPU 2: 1/Operation not permitted
FAILED to start thread on CPU 3: 1/Operation not permitted
on dmesg = Lockdown: blktrace: debugfs access is restricted; see man kernel_lockdown.7

mokutil --sb-state
SecureBoot enabled

If I try to change the lockdown settings at boot, it accepts me as valid integrity, confidentiality
cat /sys/kernel/security/lockdown
none [integrity] confidentiality

but setting "none"
GRUB_CMDLINE_LINUX_DEFAULT="lockdown=none quiet"

the message "Malformed early option 'lockdown'" appears in the dmsg

What am I doing wrong to enable "debugfs" to do diagnostics?

https://git.proxmox.com/?p=mirror_u...c;hb=8d210c66485c73eb7ba7daf9c7a96356a58f5bad
 
You must log in or register to reply here.
Top Bottom