write(): operation not permitted - is this an error?

[seatv]

I get the following output when I run the shell script. write(): operation not permitted.

sudo ./psb_status.sh
write(): Operation not permitted
0x00000204
PSB is not enabled on your platform. You may be able to run custom firmware!

fwuppdtool results:

sudo fwupdtool security
Loading…                 [************************************** ]
Host Security ID: HSI:0! (v1.9.27)

HSI-1
✔ BIOS firmware updates:         Enabled
✔ TPM empty PCRs:                Valid
✔ TPM v2.0:                      Found
✔ UEFI bootservice variables:    Locked
✔ UEFI platform key:             Valid
✔ UEFI secure boot:              Enabled
✘ Fused platform:                Unknown
✘ Supported CPU:                 Unknown

HSI-2
✔ BIOS rollback protection:      Enabled
✔ IOMMU:                         Enabled
✔ TPM PCR0 reconstruction:       Valid
✘ SPI write protection:          Unknown
✘ Platform debugging:            Unknown

HSI-3
✘ SPI replay protection:         Unknown
✘ CET Platform:                  Not supported
✘ Pre-boot DMA protection:       Disabled
✘ Suspend-to-idle:               Disabled
✘ Suspend-to-ram:                Enabled

HSI-4
✔ SMAP:                          Enabled
✘ Processor rollback protection: Unknown
✘ Encrypted RAM:                 Unknown

Runtime Suffix -!
✔ fwupd plugins:                 Untainted
✔ Linux kernel lockdown:         Enabled
✔ Linux swap:                    Disabled
✘ Linux kernel:                  Tainted

[mkopec]

✔ Linux kernel lockdown: Enabled

You have Linux kernel lockdown, presumably due to UEFI secure boot being enabled. This prevents direct hardware access that psb_status needs. Try with secure boot disabled

This should be printed as an error message, though. Will add

[seatv]

A suggestion for improvement:
I took the following steps:
(1) cloned iotools and did a make, that creates the iotools exectuable.
(2) cloned the psb_status code

As iotoos was not in my search path, I had to modify the shell script to add ./

It will be nice to provide the path to iotools as an argument to the shell script.

[seatv]

✔ Linux kernel lockdown: Enabled

You have Linux kernel lockdown, presumably due to UEFI secure boot being enabled. This prevents direct hardware access that psb_status needs. Try with secure boot disabled

This should be printed as an error message, though. Will add

Turning off Secure boot did the trick.

Runtime Suffix -!
✔ fwupd plugins:                 Untainted
✔ Linux swap:                    Disabled
✘ Linux kernel lockdown:         Disabled

sudo ./psb_status.sh 
0x11001090
PSB is enabled on your platform. You will not be able to run alternative firmware.

The system in question is Lenovo ThinkCenter M75q Gen 2 - Model 11JKS1LM00.

Question for you, does the above result mean that I cannot take the CPU in the machine and put it in a different motherboard or I cannot update to non-Lenovo firmware?

[mkopec]

Question for you, does the above result mean that I cannot take the CPU in the machine and put it in a different motherboard or I cannot update to non-Lenovo firmware?

Both, kind of.

• The CPU will only work in this model of motherboard (and maybe some other variants, but there's no guarantees)
• You can't flash non-Lenovo firmware unless you replace the CPU at the same time. The CPU itself is fused, not the motherboard, so if you replace both firmware and the CPU with an unfused one, it should boot.

[seatv]

• The CPU will only work in this model of motherboard (and maybe some other variants, but there's no guarantees)

Yeah, learned that the hard way. Bought an off market Lenovo R5 Pro 5650GE (fused) to upgrade the 4650GE currently in the system. The system would not boot, even though Lenovo Premier support tells me it should boot.