On Thu, Aug 20, 2020 at 15:42:22 -0700, David Miller wrote: > From: Antony Antony <antony.ant...@secunet.com> > Date: Thu, 20 Aug 2020 20:35:49 +0200 > > > Redacting secret is a FIPS 140-2 requirement. > > Why not control this via the kernel lockdown mode rather than making > an ad-hoc API for this?
Let me try to use kernel lockdown mode. thanks for the idea. >From a quick googling I guess it would be part of "lockdown= confidentiality". I wonder if kernel lockdown would allow disabling just this one feature independent of other lockdowns. -antony
