shell-things/etc/default/grub.d/lockdown.cfg

# Enable the kernel lockdown feature. If set to integrity, kernel features
# that allow userland to modify the running kernel are disabled. If set to
# confidentiality, kernel features that allow userland to extract
# confidential information from the kernel are also disabled.
# https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html

GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT lockdown=confidentiality"
#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT lockdown=integrity"

# Notes:
# * Zaldaryn loses ethernet in lockdown mode.
# * Itwjyg kernel panics (attempted to kill init) on lockdown=confidentiality,
#   works with lockdown=integrity. MacBook weirdness?
# * Kincarron, Rbtpzn, have no problems.
etc/default/grub.d: add lockdown.cfg 2020-02-13 00:17:39 +01:00			`# Enable the kernel lockdown feature. If set to integrity, kernel features`
			`# that allow userland to modify the running kernel are disabled. If set to`
			`# confidentiality, kernel features that allow userland to extract`
			`# confidential information from the kernel are also disabled.`
			`# https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html`
etc/default/grub.d/lockdown.cfg: notes + lockdown=integrity comment 2020-02-13 01:03:21 +01:00
etc/default/grub.d: add lockdown.cfg 2020-02-13 00:17:39 +01:00			`GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT lockdown=confidentiality"`
etc/default/grub.d/lockdown.cfg: notes + lockdown=integrity comment 2020-02-13 01:03:21 +01:00			`#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT lockdown=integrity"`

			`# Notes:`
			`# * Zaldaryn loses ethernet in lockdown mode.`
			`# * Itwjyg kernel panics (attempted to kill init) on lockdown=confidentiality,`
			`# works with lockdown=integrity. MacBook weirdness?`
			`# * Kincarron, Rbtpzn, have no problems.`