On Wed, Apr 11, 2018 at 9:24 AM, David Howells <dhowe...@redhat.com> wrote:
>
>  (*) CONFIG_LOCK_DOWN_KERNEL
>
>      This makes lockdown available and applies it to all the points that
>      need to be locked down if the mode is set.  Lockdown mode can be
>      enabled by providing:
>
>         lockdown=1

By doing this, you are basically committing to making the protect-kernel-integrity vs protect-kernel-secrecy split be a second-class citizen if it gets added. How about lockdown=integrity_and_secrecy or lockdown=2 if you feel like using numbers?