On Wed, Apr 11, 2018 at 9:24 AM, David Howells <dhowells@xxxxxxxxxx> wrote:
>
> (*) CONFIG_LOCK_DOWN_KERNEL
>
>     This makes lockdown available and applies it to all the points that
>     need to be locked down if the mode is set. Lockdown mode can be
>     enabled by providing:
>
>         lockdown=1

By doing this, you are basically committing to making the
protect-kernel-integrity vs protect-kernel-secrecy split be a
second-class citizen if it gets added. How about
lockdown=integrity_and_secrecy or lockdown=2 if you feel like using
numbers?