Re: [PATCH 0/3] Add lockdown mode

2025-05-13 Thread Kevin Lampis
On Mon, May 12, 2025 at 11:41 AM Jan Beulich wrote: > > You want to go into more detail here, specifically to describe the criteria > of "specifically safe". The command line doc may also want updating. I do not have a quick answer for you please bear with me.

Re: [PATCH 0/3] Add lockdown mode

2025-05-13 Thread Jan Beulich
On 12.05.2025 21:56, Kevin Lampis wrote: > The intention of lockdown mode is to prevent attacks from a rogue dom0 > userspace from compromising the system. Lockdown mode can be controlled by a > Kconfig option and a command-line parameter. It is also enabled automatically > when Secure Boot is enab

[PATCH 0/3] Add lockdown mode

2025-05-12 Thread Kevin Lampis
The intention of lockdown mode is to prevent attacks from a rogue dom0 userspace from compromising the system. Lockdown mode can be controlled by a Kconfig option and a command-line parameter. It is also enabled automatically when Secure Boot is enabled and it cannot be disabled in that case. Ross