Browse Source

etc/default/grub.d/lockdown.cfg: notes + lockdown=integrity comment

master
Mikaela Suomalainen 4 days ago
parent
commit
a3d7b0af22
Signed by: mikaela <mikaela@mikaela.info> GPG Key ID: 99392F62BAE30723
1 changed files with 8 additions and 0 deletions
  1. +8
    -0
      etc/default/grub.d/lockdown.cfg

+ 8
- 0
etc/default/grub.d/lockdown.cfg View File

@@ -3,4 +3,12 @@
# confidentiality, kernel features that allow userland to extract
# confidential information from the kernel are also disabled.
# https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html

GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT lockdown=confidentiality"
#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT lockdown=integrity"

# Notes:
# * Zaldaryn loses ethernet in lockdown mode.
# * Itwjyg kernel panics (attempted to kill init) on lockdown=confidentiality,
# works with lockdown=integrity. MacBook weirdness?
# * Kincarron, Rbtpzn, have no problems.

Loading…
Cancel
Save