I've decided to share my problem and a possible solution to this issue described above.
What's the problem
$ sudo systemctl status isw@<TAB>
FileNotFoundError: [Errno 2] No such file or directory: '/sys/kernel/debug/ec/ec0/io'
$ sudo modprobe ec_sys
modprobe: ERROR: could not insert 'ec_sys': Operation not permitted
$ sudo dmesg | grep -B1 ec_sys
[ 14.628156] Lockdown: systemd-modules: unsafe module parameters is restricted; see man kernel_lockdown.7
[ 14.628578] ec_sys: `1' invalid for parameter `write_support'
$ man kernel_lockdown.7
The Kernel Lockdown feature is designed to prevent both direct and indirect
access to a running kernel image, attempting to protect against unauthorized
modification of the kernel image and to prevent access to security and cryptographic
data located in kernel memory, whilst still permitting driver modules to be loaded.
Research
After some research, I've found out that disabling Secure Boot from BIOS could be an option. That's not what I like (but you might be OK with it).
download .deb and install (which didn't work for me) or install manually from source code (which did work)
Example deb installation:
cd /opt
sudo wget https://github.com/musikid/acpi_ec/releases/download/v1.0.2/acpi-ec_1.0.2_all.deb
sudo dpkg -i acpi-ec_1.0.2_all.deb # Didn't work for me ..
sudo reboot
Example source-code installation:
sudo -i
cd /opt
git clone https://github.com/musikid/acpi_ec.git
cd acpi_ec
# Make sure your env is clean
./uninstall.sh &>/dev/null
apt remove -y acpi-ec 2>/dev/null
# Perform installation
./install.sh
# In my case, I needed to run the keys-setup.sh
scripts/keys-setup.sh
reboot
# In grub, enroll the MOK using the password you chose
# Then, run the signing procedure
sudo /usr/src/linux-headers-5.19.0-21-generic/scripts/sign-file sha512 /opt/scripts/mok.priv /opt/scripts/mok.der /var/lib/dkms/acpi_ec/v1.0.2/5.19.0-21-generic/x86_64/module/acpi_ec.ko
sudo /usr/src/linux-headers-5.19.0-21-generic/scripts/sign-file sha512 /opt/scripts/mok.priv /opt/scripts/mok.der /usr/lib/modules/5.19.0-21-generic/updates/dkms/acpi_ec.ko
sudo reboot
After reboot, verify you can see the /dev/ec socket. If so, you have two options:
edit the /usr/bin/isw python script to point there
create symlink from the expected path to point there
I'm unsure it would survive in /sys/kernel/debug after reboot, slight modification of isw systemd file could be an option
It works for me 🎉 :
Cleanup
Don't forget to clean-up your setup:
remove /etc/modules-load.d/isw-ec_sys.conf file (which tries to import broken ec_sys module)
you might have it in /etc/modules-load.d/modules.conf (then just remove the line)
remove ec_sys.write_support=1 from /etc/default/grub and run update-grub2
Hi,
I've decided to share my problem and a possible solution to this issue described above.
What's the problem
Research
After some research, I've found out that disabling Secure Boot from BIOS could be an option. That's not what I like (but you might be OK with it).
What seems to be a good solution for me is to use this module: https://github.com/MusiKid/acpi_ec
/dev/ecfile socketInstallation procedure
.deband install (which didn't work for me) or install manually from source code (which did work)Example
debinstallation:Example source-code installation:
After reboot, verify you can see the
/dev/ecsocket. If so, you have two options:/usr/bin/iswpython script to point there/sys/kernel/debugafter reboot, slight modification of isw systemd file could be an optionIt works for me 🎉 :
Cleanup
Don't forget to clean-up your setup:
/etc/modules-load.d/isw-ec_sys.conffile (which tries to import brokenec_sysmodule)/etc/modules-load.d/modules.conf(then just remove the line)ec_sys.write_support=1from/etc/default/gruband runupdate-grub2