Flashes (Alerts)
Abstract
Using sysfs to enter lockdown on Power10 systems after startup can cause the system to behave differently than when lockdown is entered at startup.
Content
Linux Releases Affected
Red Hat Enterprise Linux (RHEL) 8.5
Red Hat Enterprise Linux (RHEL) 8.6
Red Hat Enterprise Linux (RHEL) 9.0
IBM Systems Affected
All Power10 systems.
Symptoms
There are several ways that lockdown can be enabled:
- by using sysfs (e.g. `echo integrity > /sys/kernel/security/lockdown`).
- by using a kernel command line parameter (`lockdown=integrity`).
- by booting under secure boot.
Entering lockdown after startup by using sysfs might result in different behavior than entering lockdown at startup. Processes that are run before entering lockdown are able to obtain resources or perform actions that would otherwise be blocked by the lockdown. When the lockdown is entered, those resources are not torn down and the actions cannot be undone.
To avoid this situation, do not use sysfs to enable lockdown.
Workaround
Use a method other than sysfs to enable lockdown, that is, the kernel command line parameter or booting under secure boot.
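To check whether a running system entered lockdown at startup or later through sysfs, the following added example (not code from IBM or Red Hat) compares the active mode in `/sys/kernel/security/lockdown` with the `lockdown=` parameter in `/proc/cmdline`. The function names and the `SECURE_BOOT` variable are hypothetical, the sample input is constructed, and secure boot status must be supplied by the operator because the script does not detect it.

```shell
#!/bin/sh
# Added example: classify how kernel lockdown was entered on a running system.

# Active mode is the bracketed word, e.g. "none [integrity] confidentiality".
active_lockdown_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)].*/\1/p'
}

# Strictest lockdown= value on the kernel command line; empty if absent.
cmdline_lockdown_mode() {
    modes=$(printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^lockdown=//p')
    case "$modes" in
        *confidentiality*) echo confidentiality ;;
        *integrity*)       echo integrity ;;
    esac
}

# $1: lockdown file content, $2: kernel command line,
# $3: "yes" if booted under secure boot (operator-supplied, an assumption).
classify_lockdown() {
    active=$(active_lockdown_mode "$1")
    boot=$(cmdline_lockdown_mode "$2")
    case "$active" in
        '')   echo unknown; return ;;
        none) echo not-locked-down; return ;;
    esac
    if [ "$boot" = "$active" ] || [ "${3:-no}" = yes ]; then
        echo locked-at-startup        # lockdown was in force from boot
    elif [ -n "$boot" ]; then
        echo raised-after-startup     # boot-time level was raised later
    else
        echo locked-after-startup     # entered late: the case in this flash
    fi
}

# Constructed sample: lockdown active but not requested on the command line.
classify_lockdown 'none [integrity] confidentiality' 'root=/dev/sda2 ro' no

# Live check; needs read access to securityfs (typically root).
if [ -r /sys/kernel/security/lockdown ]; then
    classify_lockdown "$(cat /sys/kernel/security/lockdown)" \
        "$(cat /proc/cmdline)" "${SECURE_BOOT:-no}"
fi
```

A result of `locked-after-startup` means processes started before the write to sysfs may still hold resources that lockdown would otherwise have blocked.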
Fix Outlook
There is no fix available for this issue.
Document Information
Modified date: 06 June 2022
UID: ibm16558178