Kicksecure: tirdad and lkrg - modules get rejected by service

Setup: Debian 11 amd64 + Kicksecure overlay

Hi,

after installing lkrg, tirdad and the dependencies, they didn’t work. Looking at:

systemctl --failed
systemctl status systemd-modules-load

It showed that systemd-modules-load failed and gave me the pid 795.

Looking at the pid in the journal with

sudo journalctl _PID=795

I get this error:

Aug 29 10:34:55 host systemd-modules-load[795]: Failed to insert module ‘tirdad’: Key was rejected by service
Aug 29 10:34:55 host systemd-modules-load[795]: Failed to insert module ‘p_lkrg’: Key was rejected by service

Disabling secure-boot doesn’t fix it, neither did reinstalling all whonix-repo packages, manually running

sude update-grub

or

sudo update-initramfs -u

Any idea what else to try, in case this issue is on my pc?

At this point, you probably cannot load any kernel module whatsoever. Not limited to tirdad, lkrg. Therefore, Information Booster might be Available!

Guess: Disabling SecureBoot is unsuffient. Possibly kernel signature verification is still enforced.

Whonix / Kicksecure issue ticket:
enforce kernel module software signature verification [module signing] / disallow kernel module loading by default

Sorry, you were correct, it had nothing to do with Kicksecure.
The thread you linked was spot on and immediately solved it, I had

module.sig_enforce=1

enabled as grub parameter. Now the error changed from “key rejected” to “not permitted”.
I also had to disable:

lockdown=confidentiality

and reducing it to

lockdown=integrity

didn’t work either.

And secure boot had to be turned off as well.

But now lkrg is running flawlessly and the system is finally set up properly.
Thank you very much!