ElBlo

TIL Kernel Lockdown

Since kernel version 5.4, Linux now has kernel_lockdown which disallows userspace programs (even root) to perform certain actions, like loading unsigned kernel modules or modifying model-specific registers (MSRs).

There are two ways of disabling it so far. One is pressing ALT+SysRQ+x with a physical keyboard. This doesn’t seem to work on Ubuntu 20.04. The other one is by disabling Secure Boot in the UEFI BIOS.

Read more:

• Matthew Garret’s post
• LWN Article
• Original Patch
• Kees Cook’s post on Security Things Linux 5.4
• My question asking how to disable it in runtime