Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Receiving "iopl: Operation not permitted"/"You need to be root" error #20

Open
troyready opened this issue Jan 4, 2018 · 8 comments
Open

Receiving "iopl: Operation not permitted"/"You need to be root" error #20

troyready opened this issue Jan 4, 2018 · 8 comments

Comments

@troyready
Copy link

troyready commented Jan 4, 2018
edited
Loading

Attempting to run intelmetool on my Ubuntu 17.10 notebook:

root@mysystem:/home/myuser/intelmetool# rmmod mei_me
root@mysystem:/home/myuser/intelmetool# rmmod mei
root@mysystem:/home/myuser/intelmetool# cat /proc/cmdline
BOOT_IMAGE=/vmlinuz-4.13.0-21-generic.efi.signed root=UUID=UUIDHERE ro iomem=relaxed quiet splash vt.handoff=7
root@mysystem:/home/myuser/intelmetool# ./intelmetool
iopl: Operation not permitted
You need to be root

Tried executing it via sudo as well and received the same error. Didn't have any issues compiling (only received a me.c: In function 'mei_dump': me.c64:18: warning variable 'csr' set but not used [-Wunused-but-set-variable]/ struct mei_csr *csr; warning).

Appreciate all the work you've put into this and would love to help troubleshoot if I can!
@zamaudio
Copy link
Owner

zamaudio commented Jan 4, 2018

No idea, I just tried on a system with 4.14.7-300.fc27.x86_64 and iomem=relaxed and it worked... Maybe Ubuntu has some special kernel patches applied that prevents pci i/o space from being mapped? Can you try running it again and then paste the output of dmesg | tail.

@zamaudio
Copy link
Owner

zamaudio commented Jan 4, 2018

Maybe paste also cat /boot/config-$(uname -r) |grep DEVMEM

@troyready
Copy link
Author

Nothing notable from dmesg (nothing added after running the intelmetool command; last entries are ALLOWED apparmor entries for chromium and wifi association)

for DEVMEM settings:

root@mysystem:/home/myuser/intelmetool# cat /boot/config-$(uname -r) |grep DEVMEM
CONFIG_DEVMEM=y
CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
CONFIG_STRICT_DEVMEM=y
# CONFIG_IO_STRICT_DEVMEM is not set

@zamaudio
Copy link
Owner

zamaudio commented Jan 6, 2018

You can try the mekernel branch of intelmetool instead. I just updated it so you can build the kernel module and insert it, and then check dmesg for its output.

@cbarcenas
Copy link

I got this error too, and tracked the issue down.

iopl() returns an error EPERM (Operation not permitted) - even when invoked as root - if the kernel is in "lockdown mode". One of the things that lockdown mode does is disables userspace access to privileged I/O.

You can check if you are in lockdown mode as follows:

$ cat /sys/kernel/security/lockdown 
none [integrity] confidentiality

Modern Linux distributions - such as Debian, in my case - will automatically enter lockdown mode (integrity) when the kernel is booted with EFI Secure Boot enabled. To fix the issue I simply disabled Secure Boot and restarted my machine.

@eloydegen
Copy link
Contributor

Issue is fixed with this commit: https://review.coreboot.org/c/coreboot/+/63702

@zamaudio can you close this issue?

@zamaudio
Copy link
Owner

zamaudio commented Apr 18, 2022
edited
Loading

@eloydegen first of all, your change applies to inteltool not intelmetool. Second, this repository is retired. I am no longer maintaining it, it is there to preserve history. See coreboot/util for upstream. Thanks.

@eloydegen
Copy link
Contributor

@zamaudio I see, my apologies!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@troyready @cbarcenas @zamaudio @eloydegen