After many years of discussion and development, Linus Torvalds has finally confirmed the new security feature.
What will change
Linux 5.4 will introduce a new kernel lockdown feature, implemented as an LSM (Linux Security Module). It is disabled by default and can be activated at any time if necessary. Its main task is to restrict access to kernel code and to reading and writing data in memory, even for the root user.
The new module will support two lockdown modes: “integrity” and “confidentiality”. In the first, options that allow the running kernel to be changed are disabled. The second blocks the ability to extract sensitive information from the kernel.
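To audit which of the modes described above is active on a host, the following added example (not part of the original article or the kernel project's code) parses the lockdown LSM's securityfs file. It assumes the kernel's /sys/kernel/security/lockdown interface, which marks the active mode in brackets; the helper names and sample strings are constructed for illustration.

```python
"""Report the kernel lockdown mode from securityfs (added example)."""
import re
from pathlib import Path

# securityfs file exposed by the lockdown LSM (assumption: securityfs is
# mounted at the usual place). The active mode is bracketed, for example
# "[none] integrity confidentiality".
LOCKDOWN_FILE = Path("/sys/kernel/security/lockdown")

# Modes ordered by strictness: confidentiality also applies integrity's limits.
LEVELS = {"none": 0, "integrity": 1, "confidentiality": 2}


def parse_lockdown(text):
    """Return (active_mode, offered_modes) parsed from the file's content."""
    tokens = text.split()
    active = [t[1:-1] for t in tokens if re.fullmatch(r"\[\w+\]", t)]
    if len(active) != 1 or active[0] not in LEVELS:
        raise ValueError(f"unexpected lockdown file content: {text!r}")
    return active[0], [t.strip("[]") for t in tokens]


def read_lockdown(path=LOCKDOWN_FILE):
    """Return the active mode, or None when the LSM is absent or unreadable."""
    try:
        return parse_lockdown(Path(path).read_text())[0]
    except OSError:
        return None


def meets_policy(active, required):
    """True when the active mode is at least as strict as the required one."""
    return active is not None and LEVELS[active] >= LEVELS[required]


if __name__ == "__main__":
    # Constructed sample contents, so the parser can be seen working offline.
    for sample in ("[none] integrity confidentiality",
                   "none [integrity] confidentiality"):
        print(sample, "->", parse_lockdown(sample)[0])
    mode = read_lockdown()
    print("this host:", mode or "lockdown LSM not available")
    print("meets 'integrity' policy:", meets_policy(mode, "integrity"))
```

A result of None means the kernel predates 5.4 or was built without the lockdown LSM, which a fleet audit should treat as failing any lockdown policy.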