Date: 2020nov22
OS: Linux
Q. Linux: Enable lockdown mode on the kernel command line
A.
0. Linux >= 5.4 is required.
1. Edit file /etc/default/grub
In that file append "lockdown=integrity" or "lockdown=confidentiality"
to GRUB_CMDLINE_LINUX, e.g.:
Before:
..
GRUB_CMDLINE_LINUX="rhgb quiet"
...
After:
..
GRUB_CMDLINE_LINUX="rhgb quiet lockdown=integrity"
...
You probably don't have to add lsm=lockdown because it's most likely already enabled.
Save the file.
2. Tell grub.
Many distros have:
update-grub
On RedHat/Fedora/CentOS:
grub2-mkconfig -o /boot/grub2/grub.cfg
3. Reboot
reboot
4. Check
cat /sys/kernel/security/lockdown
Should show
none [integrity] confidentiality
The square brackets are around the selected mode.
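A scripted version of the checks in steps 0, 1 and 4, as an added example that is not part of the original note. The helper names are hypothetical; the script compares the selected mode against an expected one and reports what the kernel command line requested.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample strings are constructed.

# Step 0: succeed if a `uname -r` style release string is >= 5.4.
kernel_supports_lockdown() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "${minor:-0}" -ge 4 ]; }
}

# Step 1: print the first lockdown= value on a kernel command line, if any.
lockdown_cmdline_mode() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^lockdown=//p' | head -n 1
}

# Step 4: print the bracketed (selected) mode from the sysfs file contents,
# e.g. "none [integrity] confidentiality" -> "integrity".
lockdown_active_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# Compare expected mode ($1) with sysfs contents ($2) and command line ($3).
# Returns 0 on match, 1 on mismatch, 2 if the sysfs text cannot be parsed.
check_lockdown() {
    active=$(lockdown_active_mode "$2")
    requested=$(lockdown_cmdline_mode "$3")
    if [ -z "$active" ]; then
        echo "UNKNOWN: no bracketed mode in '$2'"
        return 2
    elif [ "$active" = "$1" ]; then
        echo "OK: lockdown mode is $active"
        return 0
    fi
    echo "MISMATCH: active=$active expected=$1 cmdline=${requested:-<not set>}"
    return 1
}

# Run against the live system when the securityfs file is readable.
EXPECTED=integrity
if [ -r /sys/kernel/security/lockdown ]; then
    kernel_supports_lockdown "$(uname -r)" || echo "kernel older than 5.4"
    check_lockdown "$EXPECTED" "$(cat /sys/kernel/security/lockdown)" \
        "$(cat /proc/cmdline)" || true
fi
```

Set EXPECTED to confidentiality if that is the mode you put in GRUB_CMDLINE_LINUX.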