My experience with kernel lockdown and eBPF
I’m running Ubuntu Linux on a Dell Latitude 7390 and was extremely baffled when suddenly I couldn’t run any of the eBPF tools. Even running as root I received this:
    Error creating map: '@curfreq': Operation not permitted
    Error creating map: '@process_mhz': Operation not permitted
    Error creating map: '@system_mhz': Operation not permitted
    Error creating printf map: Operation not permitted
    Creation of the required BPF maps has failed.
    Make sure you have all the required permissions and are not confined (e.g. like snapcraft does).
    `dmesg` will likely have useful output for further troubleshooting
Quick googling pointed me to the root cause – kernel lockdown, the mode which is activated by Secure Boot. In the past it was still possible to disable lockdown from the command line:
    echo 1 > /proc/sys/kernel/sysrq
    echo x > /proc/sysrq-trigger
But now this option has been disabled and it’s no longer possible to turn lockdown off through sysrq-trigger. If you try these two commands today, nothing changes except for the following message in dmesg:
[Sun Mar 15 14:07:19 2020] This sysrq operation is disabled from userspace.
As far as I know there are three options left:
1. Disable secure boot in UEFI
2. Use Alt+SysRq every time after reboot
3. sudo mokutil --disable-validation
As a dirty hack I’ve used Alt+SysRq option so far. Btw, to initiate Alt+SysRq on Dell 7390 I had to:
1. Press Fn+Esc to enable function keys
2. Press Alt+PrtScr+x to disable lockdown
Check dmesg to confirm it worked:
    [Sun Mar 15 14:11:28 2020] sysrq: Disabling Secure Boot restrictions
    [Sun Mar 15 14:11:28 2020] Lifting lockdown
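The state checks above collected into one script, added here as an example that is not part of the original post. It assumes a kernel with the lockdown LSM (mainline 5.4 or later), where /sys/kernel/security/lockdown lists the modes with the active one in brackets; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the lockdown LSM
# (mainline 5.4+); older distro-patched kernels may not expose the file.

# Print the active mode: the bracketed word in a status line such as
# "none [integrity] confidentiality". Prints nothing if none is marked.
lockdown_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)].*/\1/p'
}

# Succeeds if a dmesg excerpt contains the "Lifting lockdown" line
# that the post shows after Alt+SysRq+x.
lockdown_lifted() {
    printf '%s\n' "$1" | grep -q 'Lifting lockdown'
}

# Succeeds if the excerpt shows the kernel refusing the sysrq request
# written from userspace (the other dmesg line quoted in the post).
sysrq_refused() {
    printf '%s\n' "$1" | grep -q 'sysrq operation is disabled from userspace'
}

report() {
    f=${1:-/sys/kernel/security/lockdown}
    mode=""
    [ -r "$f" ] && mode=$(lockdown_mode "$(cat "$f")")
    echo "lockdown mode: ${mode:-not exposed by this kernel}"

    log=$(dmesg 2>/dev/null || true)   # may need root
    if lockdown_lifted "$log"; then
        echo "dmesg: lockdown was lifted since boot"
    elif sysrq_refused "$log"; then
        echo "dmesg: a userspace sysrq lift was refused"
    fi

    # Secure Boot state, if mokutil is installed.
    if command -v mokutil >/dev/null 2>&1; then
        mokutil --sb-state 2>/dev/null || true
    fi
    return 0
}

report "$@"
```

Run it before and after the Alt+SysRq step to see the mode change; run it as root if dmesg is restricted for normal users.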
Finally, I’d highly recommend reading Brendan Gregg’s comment regarding lockdown and its impact.
Stay cool and stay unlocked!