After years of discussion and development, Linus Torvalds has finally confirmed a new security feature.
What will change
Linux version 5.4 will introduce a new kernel lockdown feature, implemented as an LSM (Linux Security Module). It is disabled by default and can be activated at any time if necessary. The main goal is to restrict access to kernel code and to reading and writing kernel memory, even for the root user.
The new module will support two lockdown modes: “integrity” and “confidentiality”. In the first mode, features that allow the running kernel to be modified are disabled. The second mode blocks the ability to extract sensitive information from the kernel.
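A check a defender might run to confirm that a host is in at least the required lockdown mode, as an added example that is not from the original article. It assumes securityfs is mounted at /sys/kernel/security, where the kernel lists the modes in a file named lockdown with the active one in brackets; the function names are hypothetical and the sample state line in the comments is constructed.

```shell
#!/bin/sh
# Added example: audit the kernel lockdown state against a required minimum.
# Assumption: securityfs is mounted at /sys/kernel/security (the usual place).
LOCKDOWN_FILE="${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}"

# The state file lists every mode and brackets the active one,
# e.g. "none [integrity] confidentiality" (constructed sample).
# Print the bracketed word, or nothing if the line cannot be parsed.
active_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)].*/\1/p'
}

# Rank the modes by strictness so they can be compared; unknown input is -1.
mode_rank() {
    case "$1" in
        none) echo 0 ;;
        integrity) echo 1 ;;
        confidentiality) echo 2 ;;
        *) echo -1 ;;
    esac
}

# meets_minimum STATE_LINE REQUIRED_MODE
# Returns 0 if the active mode is at least as strict as REQUIRED_MODE,
# 1 if it is weaker, 2 if either value is unrecognised.
meets_minimum() {
    have=$(mode_rank "$(active_mode "$1")")
    want=$(mode_rank "$2")
    if [ "$have" -lt 0 ] || [ "$want" -lt 0 ]; then return 2; fi
    [ "$have" -ge "$want" ]
}

# audit REQUIRED_MODE: check the live state file. An unreadable file means
# the lockdown LSM is not built in or securityfs is not mounted.
audit() {
    if [ ! -r "$LOCKDOWN_FILE" ]; then
        echo "lockdown: not available ($LOCKDOWN_FILE unreadable)"; return 2
    fi
    state=$(cat "$LOCKDOWN_FILE")
    if meets_minimum "$state" "$1"; then
        echo "lockdown: OK ($(active_mode "$state") satisfies $1)"
    else
        echo "lockdown: FAIL (state '$state', required $1)"; return 1
    fi
}

# Run as: sh script.sh --audit integrity
if [ "${1:-}" = "--audit" ]; then audit "${2:-integrity}"; fi
```

The non-zero exit codes let the script be used directly in a configuration-compliance job or a boot-time health check.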