You are not logged in.
My computer requires overwriting the original ACPI DSDT.aml table to resolve the issue described in the post. Currently, I can only successfully overwrite it when Secure Boot is disabled, which is inconvenient for dual-boot users.
Anyway here are several feasible methods to override the DSDT. And all of these attempts are failed. (Except the method "Compiling into the kernel" I haven't tried yet)
I'm curious about the mechanism of Secure Boot here. I've already tried the AI-suggested solution: importing the self-signed MOK.der into the shim and placing the signature files DSDT.aml.sig and DSDT.aml in the correct locations within the initramfs. However, under Secure Boot, it appears the kernel parses the .sig file as an ACPI table during the earliest boot stages (then reports `Unknown signature`), and outright rejects my ACPI DSDT table without checking the MOK keyring.
[ 0.003605] ACPI: ACPI OVERRIDE: Unknown signature [kernel/firmware/acpi/DSDT.aml.sig]
[ 0.003621] ACPI: DSDT ACPI table found in initrd [kernel/firmware/acpi/DSDT.aml][0x12a61]
[ 0.003624] Lockdown: swapper: modifying ACPI tables is restricted; see man kernel_lockdown.7
[ 0.003625] ACPI: kernel is locked down, ignoring table override
[ 0.003627] ACPI: Early table checksum verification disabledBelow is the corresponding kernel source code:
// at drivers/acpi/tables.c
void __init acpi_table_upgrade(void)
{
...
for (no = 0; no < NR_ACPI_INITRD_TABLES; no++) {
file = find_cpio_data(cpio_path, data, size, &offset);
if (!file.data)
break;
data += offset;
size -= offset;
if (file.size < sizeof(struct acpi_table_header)) {
pr_err("ACPI OVERRIDE: Table smaller than ACPI header [%s%s]\n",
cpio_path, file.name);
continue;
}
table = file.data;
for (sig = 0; sig < ARRAY_SIZE(table_sigs); sig++)
if (!memcmp(table->signature, table_sigs[sig], 4))
break;
if (sig >= ARRAY_SIZE(table_sigs)) {
pr_err("ACPI OVERRIDE: Unknown signature [%s%s]\n",
cpio_path, file.name);
continue;
}
if (file.size != table->length) {
pr_err("ACPI OVERRIDE: File length does not match table length [%s%s]\n",
cpio_path, file.name);
continue;
}
if (acpi_table_checksum(file.data, table->length)) {
pr_err("ACPI OVERRIDE: Bad table checksum [%s%s]\n",
cpio_path, file.name);
continue;
}
pr_info("%4.4s ACPI table found in initrd [%s%s][0x%x]\n",
table->signature, cpio_path, file.name, table->length);
all_tables_size += table->length;
acpi_initrd_files[table_nr].data = file.data;
acpi_initrd_files[table_nr].size = file.size;
table_nr++;
}
if (table_nr == 0)
return;
if (security_locked_down(LOCKDOWN_ACPI_TABLES)) {
pr_notice("kernel is locked down, ignoring table override\n");
return;
}
...
}Then I looked up the kernel_lockdown.7, confirming that the kernel disables ACPI override. So when Secure Boot is enabled (meaning the kernel has the lockdown feature activated), the kernel probably can't read my DSDT.aml to override it, right? Is there another way to fix this? Could I approach it from GRUB, or modify and compile the kernel? But I really don't want to hack the kernel... and I'm not very familiar with compiling kernels either.
Offline
From what I remember lockdown is not enabled automatically. Can you paste your `/proc/cmdline`?
Offline