Hello, Maybe this might be a vague question: Is it possible to load kernel modules, when in secure level 3 modus?
After reading the FreeBSD Handbook, this question still remains.
Usually to load the Intel Wireless Drivers + PF, i set in /etc/rc.conf
But after setting secure level 3 in /etc/sysctl.conf, and reading dmesg after booting the system: kldload can't load the kernel if_iwm, and also can't load PF: operation not permitted.
That actually should be expected behavior, after setting secure level3.
But in the FreeBSD Handbook, it states, that secure level 3 is in some way false sense of security, because, kernel modules can still be loading at boot time, before the secure level mechanism kicks in.
So i thought, o.k, i will enable secure level 3, and just load the Intel Wireless Module + PF at boot time, by adding the modules to: /boot/loader.conf.
So what happens, is that indeed, now the if_iwm and PF, get's started even before secure level 3 starts, however it seems that if_iwm can not read the firmware, to load the wireless module, because: the if_iwm module is loaded, before the root file system is active.. and that is where i got stuck right now.. and to be honest, after reading on the www about secure level 3, i see often that people call secure level 3 a administrative nightmare.
I have no idea if that it true, however my question remains: Is it possible to load kernel modules, when in secure level 3?
After reading the FreeBSD Handbook, this question still remains.
Usually to load the Intel Wireless Drivers + PF, i set in /etc/rc.conf
Code:
if_iwmload="YES"
iwm3160fw_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES"
pf_enable="YES"
But after setting secure level 3 in /etc/sysctl.conf, and reading dmesg after booting the system: kldload can't load the kernel if_iwm, and also can't load PF: operation not permitted.
That actually should be expected behavior, after setting secure level3.
But in the FreeBSD Handbook, it states, that secure level 3 is in some way false sense of security, because, kernel modules can still be loading at boot time, before the secure level mechanism kicks in.
So i thought, o.k, i will enable secure level 3, and just load the Intel Wireless Module + PF at boot time, by adding the modules to: /boot/loader.conf.
So what happens, is that indeed, now the if_iwm and PF, get's started even before secure level 3 starts, however it seems that if_iwm can not read the firmware, to load the wireless module, because: the if_iwm module is loaded, before the root file system is active.. and that is where i got stuck right now.. and to be honest, after reading on the www about secure level 3, i see often that people call secure level 3 a administrative nightmare.
I have no idea if that it true, however my question remains: Is it possible to load kernel modules, when in secure level 3?