After weighing the idea for a long time, Linus Torvalds has finally decided to add the “lockdown” security feature to Linux kernel 5.4. The feature will be optional and will ship as a Linux Security Module in the upcoming Linux 5.4. It brings a major change to how user space interacts with the Linux kernel.
The feature was proposed by Google engineer Matthew Garrett in 2010. He said, “The lockdown module is intended to allow for kernels to be locked down early in [the] boot [process].”
The Lockdown feature in Linux is mainly intended to prevent the root account from tampering with kernel code, drawing a line between userland processes and the kernel itself.
The security feature will be disabled by default when it ships. Once enabled, even root accounts will be unable to reach certain kernel functionality, protecting the operating system from a compromised root account.
Some of the restrictions included in the Lockdown feature are preventing hibernation of the system, blocking write operations to /dev/mem even for root accounts, blocking CPU MSR access, and so on.
There are two modes, selected with the lockdown= kernel parameter, that activate different levels of restriction: lockdown=integrity restricts the kernel features that allow userland to modify the running kernel; lockdown=confidentiality additionally restricts users from extracting “confidential information” from the kernel.
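As an added example (not from the article, and not kernel code), the POSIX shell script below shows how an administrator can confirm which lockdown mode a running kernel is in. It assumes two interfaces present on Linux 5.4 and later: the securityfs file /sys/kernel/security/lockdown, whose single line lists the modes with the active one in square brackets (for example `none [integrity] confidentiality`), and the lockdown= token on /proc/cmdline. The sample line and sample command line are constructed so the parsing functions can be exercised on a machine without the feature.

```shell
#!/bin/sh
# Added example: report the kernel lockdown mode (integrity / confidentiality / none).
#
# Assumption: since Linux 5.4, securityfs exposes /sys/kernel/security/lockdown,
# a one-line file listing the modes with the active one in brackets, e.g.
#   none [integrity] confidentiality

# Parse one line in that format and print the bracketed (active) mode.
# $1: the line as read from the securityfs file
lockdown_mode_from_line() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)].*/\1/p'
}

# Read the live value if securityfs is mounted and the LSM is built in;
# otherwise report "unavailable" (older kernels, or kernels built without
# CONFIG_SECURITY_LOCKDOWN_LSM, have no such file).
current_lockdown_mode() {
    f=/sys/kernel/security/lockdown
    if [ -r "$f" ]; then
        lockdown_mode_from_line "$(cat "$f")"
    else
        echo unavailable
    fi
}

# Extract the value of lockdown= from a kernel command line, or "none" if
# the parameter was not given.
# $1: contents of /proc/cmdline (passed in so the function is testable)
cmdline_lockdown_param() {
    for tok in $1; do
        case "$tok" in
            lockdown=*) printf '%s\n' "${tok#lockdown=}"; return 0 ;;
        esac
    done
    echo none
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_SYSFS='none [integrity] confidentiality'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro lockdown=integrity quiet'

echo "sample securityfs line -> $(lockdown_mode_from_line "$SAMPLE_SYSFS")"
echo "sample cmdline param   -> $(cmdline_lockdown_param "$SAMPLE_CMDLINE")"
echo "this machine           -> $(current_lockdown_mode)"
```

Checking both sources matters: a kernel may have been built with the LSM but booted without lockdown=, in which case the securityfs file reads `[none] integrity confidentiality` and the restrictions described above are not in force.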
Linus Torvalds was one of the critics of the feature when it was initially proposed. He drove many discussions and reviews and pushed for a number of code rewrites to ensure that the feature does not harm the kernel and is implemented in the manner intended.