Linux Kernel – Fixing ‘Operation Not Permitted’ Error with Modprobe


I am trying to modprobe wireguard as root, and it fails with:

modprobe: ERROR: could not insert 'wireguard': Operation not permitted

Adding verbose I get one more line:

[root@localhost ben]# insmod /lib/modules/5.2.11-100.fc29.x86_64/extra/wireguard.ko.xz
insmod: ERROR: could not insert module /lib/modules/5.2.11-100.fc29.x86_64/extra/wireguard.ko.xz: Operation not permitted

dkms runs fine without error. I've also disabled SELinux and that made no difference. I don't see anything in the journalctl logs.

Looking through man pages and Google has not turned anything up.

I did find this helpful line in dmesg:

Lockdown: modprobe: Loading of unsigned module is restricted; see man kernel_lockdown.7

However that man page does not exist.

How can I debug this? Any pointers on where to go next?

Best Answer

Finally found something on it. It appears to be a "feature" where unsigned code can't be loaded into the kernel when UEFI secure boot is enabled (which it is).

To get the module loading, disable kernel lockdown via sys-rq:

# echo 1 > /proc/sys/kernel/sysrq
# echo x > /proc/sysrq-trigger

Then modprobe should work:

modprobe wireguard

For more information, see:

https://mjg59.dreamwidth.org/50577.html

https://bugzilla.redhat.com/show_bug.cgi?id=1599197
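
To confirm that lockdown and a missing module signature are the cause of the failure discussed above, the following diagnostic script can be used. It is an added example, not part of the original question or answer. The function names are hypothetical. It assumes the kernel exposes /sys/kernel/security/lockdown (present with the mainline lockdown LSM from 5.4; it may be absent on older patched kernels, in which case "unknown" is reported) and that mokutil is installed for the Secure Boot check.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

SIG_MARKER='~Module signature appended~'   # trailer appended to signed modules

# Succeeds if the module file (plain, .xz, .gz or .zst) ends with the marker.
# A trailer only shows the module was signed, not that the kernel trusts the key.
module_has_signature() {
    local f=$1 reader='cat'
    case $f in
        *.xz)  reader='xz -dc' ;;
        *.gz)  reader='gzip -dc' ;;
        *.zst) reader='zstd -dc' ;;
    esac
    # Marker plus its trailing newline is 28 bytes; $( ) strips the newline.
    [ "$($reader "$f" 2>/dev/null | tail -c 28 | tr -d '\0')" = "$SIG_MARKER" ]
}

# Prints the active mode from a file like "none [integrity] confidentiality".
lockdown_mode() {
    local f=${1:-/sys/kernel/security/lockdown}
    if [ -r "$f" ]; then
        sed -n 's/.*\[\(.*\)\].*/\1/p' "$f"
    else
        echo unknown
    fi
}

# Reads kernel log text on stdin; prints "process: denied action" per denial.
lockdown_denials() {
    sed -n 's/.*Lockdown: \([^:]*\): \(.*\) is restricted.*/\1: \2/p'
}

diagnose() {
    local mod=$1
    if command -v mokutil >/dev/null 2>&1; then mokutil --sb-state; fi
    echo "lockdown mode: $(lockdown_mode)"
    if module_has_signature "$mod"; then
        echo "$mod: signature trailer present"
    else
        echo "$mod: no signature trailer (unsigned)"
    fi
    dmesg 2>/dev/null | lockdown_denials
}

# Usage: ./diagnose.sh /lib/modules/$(uname -r)/extra/wireguard.ko.xz
if [ $# -gt 0 ]; then diagnose "$1"; fi
```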
