Public bug reported: Hello, I tried to disable lockdown so I could debug bug 1861359.
I changed my security= kernel command line parameter to no longer reference lockdown or integrity and yet the lockdown still applied: sarnold@millbarge:~/Canonical/work-reports$ uname -a Linux millbarge 5.4.0-14-generic #17-Ubuntu SMP Thu Feb 6 22:47:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux sarnold@millbarge:~/Canonical/work-reports$ cat /proc/cmdline BOOT_IMAGE=/BOOT/ubuntu@/vmlinuz-5.4.0-14-generic root=ZFS=rpool/ROOT/ubuntu ro root=ZFS=rpool/ROOT/ubuntu quiet splash acpi_osi=! "acpi_osi=Windows 2015" security=yama,apparmor vt.handoff=1 sarnold@millbarge:~/Canonical/work-reports$ dmesg | grep -i lockdown [ 0.000000] Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7 [ 0.175625] Lockdown: swapper: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.175626] Tracing disabled due to lockdown [ 0.226042] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.226042] Can not register tracer wakeup due to lockdown [ 0.226042] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.226042] Can not register tracer function_graph due to lockdown [ 0.536927] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536928] Tracing disabled due to lockdown [ 0.536929] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536929] Tracing disabled due to lockdown [ 0.536930] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536930] Tracing disabled due to lockdown [ 0.536931] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536932] Tracing disabled due to lockdown [ 0.536934] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536934] Tracing disabled due to lockdown [ 0.536935] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536936] Tracing disabled due to lockdown [ 0.536937] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536937] Tracing disabled due to lockdown [ 0.826846] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.826847] Tracing disabled due to lockdown [ 0.826849] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.826849] Can not register tracer mmiotrace due to lockdown [ 0.826851] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.826851] Can not register tracer blk due to lockdown [ 0.955352] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.955353] Can not register tracer hwlat due to lockdown [ 1.005959] Lockdown: swapper/0: hibernation is restricted; see man kernel_lockdown.7 [ 18.886284] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man kernel_lockdown.7 [ 21.314470] Lockdown: Xorg: raw io port access is restricted; see man kernel_lockdown.7 [ 48.022857] Lockdown: opensnoop-bpfcc: unsafe use of perf is restricted; see man kernel_lockdown.7 [ 48.022862] Lockdown: opensnoop-bpfcc: use of kprobes is restricted; see man kernel_lockdown.7 Thanks ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: linux-image-5.4.0-14-generic 5.4.0-14.17 ProcVersionSignature: Ubuntu 5.4.0-14.17-generic 5.4.18 Uname: Linux 5.4.0-14-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu16 Architecture: amd64 Date: Sat Feb 22 05:06:38 2020 ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: linux-signed-5.4 UpgradeStatus: Upgraded to focal on 2020-01-24 (28 days ago) ** Affects: linux-signed-5.4 (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-signed-5.4 in Ubuntu. https://bugs.launchpad.net/bugs/1864272 Title: How to disable lockdown? Status in linux-signed-5.4 package in Ubuntu: New Bug description: Hello, I tried to disable lockdown so I could debug bug 1861359. I changed my security= kernel command line parameter to no longer reference lockdown or integrity and yet the lockdown still applied: sarnold@millbarge:~/Canonical/work-reports$ uname -a Linux millbarge 5.4.0-14-generic #17-Ubuntu SMP Thu Feb 6 22:47:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux sarnold@millbarge:~/Canonical/work-reports$ cat /proc/cmdline BOOT_IMAGE=/BOOT/ubuntu@/vmlinuz-5.4.0-14-generic root=ZFS=rpool/ROOT/ubuntu ro root=ZFS=rpool/ROOT/ubuntu quiet splash acpi_osi=! "acpi_osi=Windows 2015" security=yama,apparmor vt.handoff=1 sarnold@millbarge:~/Canonical/work-reports$ dmesg | grep -i lockdown [ 0.000000] Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7 [ 0.175625] Lockdown: swapper: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.175626] Tracing disabled due to lockdown [ 0.226042] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.226042] Can not register tracer wakeup due to lockdown [ 0.226042] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.226042] Can not register tracer function_graph due to lockdown [ 0.536927] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536928] Tracing disabled due to lockdown [ 0.536929] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536929] Tracing disabled due to lockdown [ 0.536930] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536930] Tracing disabled due to lockdown [ 0.536931] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536932] Tracing disabled due to lockdown [ 0.536934] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536934] Tracing disabled due to lockdown [ 0.536935] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536936] Tracing disabled due to lockdown [ 0.536937] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.536937] Tracing disabled due to lockdown [ 0.826846] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.826847] Tracing disabled due to lockdown [ 0.826849] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.826849] Can not register tracer mmiotrace due to lockdown [ 0.826851] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.826851] Can not register tracer blk due to lockdown [ 0.955352] Lockdown: swapper/0: use of tracefs is restricted; see man kernel_lockdown.7 [ 0.955353] Can not register tracer hwlat due to lockdown [ 1.005959] Lockdown: swapper/0: hibernation is restricted; see man kernel_lockdown.7 [ 18.886284] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man kernel_lockdown.7 [ 21.314470] Lockdown: Xorg: raw io port access is restricted; see man kernel_lockdown.7 [ 48.022857] Lockdown: opensnoop-bpfcc: unsafe use of perf is restricted; see man kernel_lockdown.7 [ 48.022862] Lockdown: opensnoop-bpfcc: use of kprobes is restricted; see man kernel_lockdown.7 Thanks ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: linux-image-5.4.0-14-generic 5.4.0-14.17 ProcVersionSignature: Ubuntu 5.4.0-14.17-generic 5.4.18 Uname: Linux 5.4.0-14-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu16 Architecture: amd64 Date: Sat Feb 22 05:06:38 2020 ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: linux-signed-5.4 UpgradeStatus: Upgraded to focal on 2020-01-24 (28 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-signed-5.4/+bug/1864272/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp