Public bug reported:
Hello, I tried to disable lockdown so I could debug bug 1861359.
I changed my security= kernel command line parameter to no longer
reference lockdown or integrity and yet the lockdown still applied:
sarnold@millbarge:~/Canonical/work-reports$ uname -a
Linux millbarge 5.4.0-14-generic #17-Ubuntu SMP Thu Feb 6 22:47:59 UTC 2020
x86_64 x86_64 x86_64 GNU/Linux
sarnold@millbarge:~/Canonical/work-reports$ cat /proc/cmdline
BOOT_IMAGE=/BOOT/ubuntu@/vmlinuz-5.4.0-14-generic root=ZFS=rpool/ROOT/ubuntu ro
root=ZFS=rpool/ROOT/ubuntu quiet splash acpi_osi=! "acpi_osi=Windows 2015"
security=yama,apparmor vt.handoff=1
sarnold@millbarge:~/Canonical/work-reports$ dmesg | grep -i lockdown
[ 0.000000] Kernel is locked down from EFI Secure Boot mode; see man
kernel_lockdown.7
[ 0.175625] Lockdown: swapper: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.175626] Tracing disabled due to lockdown
[ 0.226042] Lockdown: swapper/0: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.226042] Can not register tracer wakeup due to lockdown
[ 0.226042] Lockdown: swapper/0: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.226042] Can not register tracer function_graph due to lockdown
[ 0.536927] Lockdown: swapper/0: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.536928] Tracing disabled due to lockdown
[ 0.536929] Lockdown: swapper/0: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.536929] Tracing disabled due to lockdown
[ 0.536930] Lockdown: swapper/0: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.536930] Tracing disabled due to lockdown
[ 0.536931] Lockdown: swapper/0: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.536932] Tracing disabled due to lockdown
[ 0.536934] Lockdown: swapper/0: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.536934] Tracing disabled due to lockdown
[ 0.536935] Lockdown: swapper/0: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.536936] Tracing disabled due to lockdown
[ 0.536937] Lockdown: swapper/0: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.536937] Tracing disabled due to lockdown
[ 0.826846] Lockdown: swapper/0: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.826847] Tracing disabled due to lockdown
[ 0.826849] Lockdown: swapper/0: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.826849] Can not register tracer mmiotrace due to lockdown
[ 0.826851] Lockdown: swapper/0: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.826851] Can not register tracer blk due to lockdown
[ 0.955352] Lockdown: swapper/0: use of tracefs is restricted; see man
kernel_lockdown.7
[ 0.955353] Can not register tracer hwlat due to lockdown
[ 1.005959] Lockdown: swapper/0: hibernation is restricted; see man
kernel_lockdown.7
[ 18.886284] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man
kernel_lockdown.7
[ 21.314470] Lockdown: Xorg: raw io port access is restricted; see man
kernel_lockdown.7
[ 48.022857] Lockdown: opensnoop-bpfcc: unsafe use of perf is restricted; see
man kernel_lockdown.7
[ 48.022862] Lockdown: opensnoop-bpfcc: use of kprobes is restricted; see man
kernel_lockdown.7
Thanks
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: linux-image-5.4.0-14-generic 5.4.0-14.17
ProcVersionSignature: Ubuntu 5.4.0-14.17-generic 5.4.18
Uname: Linux 5.4.0-14-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu16
Architecture: amd64
Date: Sat Feb 22 05:06:38 2020
ProcEnviron:
TERM=rxvt-unicode-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: linux-signed-5.4
UpgradeStatus: Upgraded to focal on 2020-01-24 (28 days ago)
** Affects: linux-signed-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug focal
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1864272
Title:
How to disable lockdown?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-signed-5.4/+bug/1864272/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
