* Joe Salmeri
Hi Joey,
On thing I don't understand about when lockdown was enabled.
According to this
https://man7.org/linux/man-pages/man7/kernel_lockdown.7.html
The Kernel Lockdown feature is enabled by CONFIG_SECURITY_LOCKDOWN_LSM.
grep CONFIG_SECURITY_LOCKDOWN /usr/lib/modules/*/config
Returns
/usr/lib/modules/6.1.8-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM=y /usr/lib/modules/6.1.8-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y /usr/lib/modules/6.2.1-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM=y /usr/lib/modules/6.2.1-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
So on this TW system both were set to 'y' in the 6.1.8 and 6.2.1 kernels.
Since the 6.1.8 kernel allowed the vmware modules ( which I didn't sign ) to load, it would appear that this kernel lockdown also changes some other configuration too.
What else was done when the kernel lockdown was enabled?
fwiw: /usr/lib/modules/6.1.10-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM=y /usr/lib/modules/6.1.10-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y /usr/lib/modules/6.1.12-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM=y /usr/lib/modules/6.1.12-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y /usr/lib/modules/6.1.4-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM=y /usr/lib/modules/6.1.4-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y /usr/lib/modules/6.1.6-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM=y /usr/lib/modules/6.1.6-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y /usr/lib/modules/6.1.7-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM=y /usr/lib/modules/6.1.7-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y /usr/lib/modules/6.1.8-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM=y /usr/lib/modules/6.1.8-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y /usr/lib/modules/6.2.0-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM=y /usr/lib/modules/6.2.0-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y /usr/lib/modules/6.2.1-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM=y /usr/lib/modules/6.2.1-1-default/config:CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet oftc