# Enable the kernel lockdown feature. If set to integrity, kernel features
# that allow userland to modify the running kernel are disabled. If set to
# confidentiality, kernel features that allow userland to extract
# confidential information from the kernel are also disabled.
# https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html

GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT lockdown=confidentiality"
#GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT lockdown=integrity"

# Notes:
# * Zaldaryn loses ethernet in lockdown mode.
# * Itwjyg kernel panics (attempted to kill init) on lockdown=confidentiality,
#   works with lockdown=integrity. MacBook weirdness?
# * Kincarron, Rbtpzn, have no problems.