On Tue, Jun 10, 2025 at 4:56 PM Jan Beulich <jbeul...@suse.com> wrote:
>
> It's still being left entirely unclear what the criteria are by which an
> option can / cannot be marked "safe".

The purpose of lockdown mode is to protect Xen from unauthorized code execution in Secure Boot mode. Xen especially needs protection from dom0 userland, which I understand has traditionally been considered fully trusted.

> ... why's this being marked such, when already by its name its use is going
> to render the system unsafe.
> Similarly I don't think it's a good idea to allow turning off MCE.

I believe these are both denial of service issues, which is out of scope for lockdown mode / Secure Boot.

> I won't go any further until clarification on the criteria was written
> down.

I understand your feedback. Picking safe command line options and explaining why they are safe requires more work here.