sisevt/sisap modules fails to load, with the following error message:

sisevt failed with exit-code  Lockdown: insmod: unsigned module loading is restricted; see man kernel_lockdown.7

Linux system with Secure Boot disabled but has set the kernel lockdown mode to a non-default value (e.g. confidentiality)

In this configuration, the sisevt/sisap fails to load because:

The kernel lockdown mode enforces security restrictions (like blocking unsigned module loading). But without Secure Boot enabled, the kernel cannot verify the integrity of the boot process or modules. Therefore, with lockdown active and Secure Boot off, the kernel prevents the sisevt/sisap from being loaded.

This combination is not supported by the current sisevt/sisap, which requires either full security (Secure Boot + lockdown) or relaxed security (lockdown disabled).

To ensure the sisevt/sisap loads properly, choose one of the supported configurations:

Enable Secure Boot in the system firmware (BIOS/UEFI), which will allow lockdown restrictions to be validly enforced,

OR

Disable kernel lockdown by setting:

lockdown=none

in the kernel boot parameters (/etc/default/grub) and regenerating GRUB config:

sudo update-grub

Note: The sisevt/sisap currently does not support being loaded in a partially locked-down system (lockdown active without Secure Boot), as it cannot verify the kernel's integrity state reliably.