etc/default/grub.d/lockdown.cfg: notes + lockdown=integrity comment

2020-02-13 02:03:21 +02:00 · 2020-02-13 02:03:21 +02:00 · a3d7b0af22
parent b770e356cb
commit a3d7b0af22
1 changed files with 8 additions and 0 deletions
--- a/etc/default/grub.d/lockdown.cfg
+++ b/etc/default/grub.d/lockdown.cfg
@ -3,4 +3,12 @@
 # confidentiality, kernel features that allow userland to extract
 # confidential information from the kernel are also disabled.
 # https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
+
 GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT lockdown=confidentiality"
+#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT lockdown=integrity"
+
+# Notes:
+# * Zaldaryn loses ethernet in lockdown mode.
+# * Itwjyg kernel panics (attempted to kill init) on lockdown=confidentiality,
+#   works with lockdown=integrity. MacBook weirdness?
+# * Kincarron, Rbtpzn, have no problems.