32nd Time The Charm? Latest Linux Lockdown Patches Posted
The proposed LOCKDOWN mode forbids writing to /dev/mem, restricts access to PCI BAR and MSRs, doesn't allow the use of kernel module parameters that set hardware settings, and disables system hibernation along with other kernel features that could allow changing the hardware state. The lockdown mode isn't enabled by default but is intended to be paired with UEFI SecureBoot and the like in security-sensitive environments.
With the 32nd revision to these patches, TraceFS is now locked down as well, while the DebugFS changes have been reverted to an earlier implementation. There is also more documentation, along with other code alterations aimed at getting this feature squared away for the next kernel cycle.
With several weeks still to go until the Linux 5.2 merge window kicks off, it's looking quite likely that this feature will be merged for the next kernel cycle given the number of active upstream developers involved in this effort, assuming no other major items are uncovered.