Re: [PATCH v2 3/3] Disallow most command-line options when lockdown mode is enabled

On Tue, Jun 10, 2025 at 4:56 PM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>
> It's still being left entirely unclear what the criteria are by which an
> option can / cannot be marked "safe".

The purpose of lockdown mode is to protect Xen from unauthorized code execution in Secure Boot mode. Xen especially needs protection from dom0 userland, which I understand has traditionally been considered fully trusted.

> ... why's this being marked such, when already by its name its use is going
> to render the system unsafe.

> Similarly I don't think it's a good idea to allow turning off MCE.

I believe these are both denial of service issues, which are out of scope for lockdown mode / Secure Boot.

> I won't go any further until clarification on the criteria was written
> down.

I understand your feedback. Picking safe command-line options and explaining why they are safe requires more work here.