On Mon, May 12, 2025 at 11:41 AM Jan Beulich wrote:
>
> You want to go into more detail here, specifically to describe the criteria
> of "specifically safe". The command line doc may also want updating.
I do not have a quick answer for you please bear with me.
On 12.05.2025 21:56, Kevin Lampis wrote:
> The intention of lockdown mode is to prevent attacks from a rogue dom0
> userspace from compromising the system. Lockdown mode can be controlled by a
> Kconfig option and a command-line parameter. It is also enabled automatically
> when Secure Boot is enab
The intention of lockdown mode is to prevent attacks from a rogue dom0
userspace from compromising the system. Lockdown mode can be controlled by a
Kconfig option and a command-line parameter. It is also enabled automatically
when Secure Boot is enabled and it cannot be disabled in that case.
Ross