Linus Torvalds approved ‘lockdown’ feature in Linux kernel
After years of evaluation, discussion, and rewriting, Linus Torvalds has approved the kernel lockdown feature. The new feature, an LSM (Linux Security Module), will be available to users with Linux kernel 5.4. It restricts user-space access to, and modification of, the kernel, and imposes additional restrictions on root's ability to modify the running kernel, so that a compromised root account cannot jeopardize the rest of the system. The LSM will initially be turned off by default, and users can choose to enable it, because it may break existing systems.
https://twitter.com/aionescu/status/1178353010109321216
Downstream distros like Ubuntu have shipped a previous version of this for a while now (to try and ensure UEFI Secure Boot cannot be subverted) so it is great to see this finally upstream
— @alexmurray@fosstodon.org (@alex_murray) September 30, 2019
Other changes in kernel 5.4 include: the ARM64 architecture will be able to use 52-bit addresses; removal of Intel's MPX functionality; removal of support for the SGI SN2 architecture; the “haltpoll” CPU idle governor; support for the Lenovo ThinkPad “PrivacyGuard” functionality, etc.
Via: ZDNet