Home / server / Questions / 1129117
Accepted
Zulakis
Asked: 2023-04-20 05:05:24 +0800 CST

Enabling wireguard log messages with secure boot / kernel lockdown enabled

  • 772

On fedora 37, I am trying to enable kernel log messages for wireguard by executing this command in a root-shell:

echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control

Unfortunately, this results in an error: operation not permitted: /sys/kernel/debug/dynamic_debug/control.

I can see in dmesg that the reason for this error is: debugfs access is restricted; see man kernel_lockdown.7.
Kernel lockdown is automatically enabled due to secure boot being enabled.

Is there any other way to enable the wireguard log messages with secure boot / kernel lockdown enabled, e.g. via kernel cmdline or modprobe options?

linux

1 Answers

  1. Best Answer

    To temporary enable wireguard kernel log messages, execute:

    sudo modprobe -r wireguard && sudo modprobe wireguard dyndbg

    reference: https://www.kernel.org/doc/html/v5.0/admin-guide/dynamic-debug-howto.html#debug-messages-at-module-initialization-time

    You can view the log message with sudo dmesg -T --follow | grep wireguard

    If you want to permanently enable wireguard kernel log messages, create a modprobe configuration /etc/modprobe.d/wireguard.conf with content options wireguard dyndbg and execute sudo modprobe -r wireguard && sudo modprobe wireguard

    • 2