Disable kernel lockdown on secure boot

Hi,

I am new here and recently installed OpenSUSE. I have a small problem: I would like to disable lockdown while still using secure boot. I tried changing kernel parameters (lockdown=none, lsm=capability,landlock,yama,selinux,bpf,ima,evm i.e. everything but lockdown) without success.

/sys/kernel/security/lockdown remains set to integrity and my ultimate goal to gain access to /dev/port remains impossible.

For context: I used YaST → Boot Load Settings → Kernel Parameters to change kernel parameters and I use Systemd Boot. I confirmed that I can access /dev/port without secure boot.

What am I doing wrong? Do you have a suggestion? Any help is very much appreciated.

You can disable the validation process in shim (secure boot state is not changed in the firmware).
https://wiki.debian.org/SecureBoot#Disabling.2Fre-enabling_Secure_Boot

@Purrturbance Did you try adding the process user to kmem group?

Thanks for your suggestions.
@jsulig I would like to leave the validation process. I just want to get rid of lockdown so I can access /dev/port freely.
@malcolmlewis I think I did. I will check later when I am at my machine. However, I think preventing access to kmem and port is intended with lockdown and hopefully I cannot circumvent this by joining the correct system group.

Dear fellow adventurers,

so apparently everything works as intended. The LSMs seem to be early kernel modules that are loaded before anything else. Therefore, they are applied regardless of the kernel parameters that you chose in the boot loader. This means that to achieve the thing I wanted (i.e. disable lockdown while retaining secure boot) I would have to compile a custom kernel without early lockdown, then sign it and enroll it.
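Added example, not part of the thread or any poster's code: a shell check that compares the active mode in /sys/kernel/security/lockdown with any lockdown= word on the kernel command line, to confirm the situation described above where the requested value does not lower the active mode. The function names and the sample strings in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example. Inputs are passed as strings so the functions can be
# exercised on constructed samples as well as on the live files.

# Active mode = the word in [brackets], e.g. "none [integrity] confidentiality".
lockdown_active() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# Value of a lockdown= word on a kernel command line, empty if absent.
# Simplification: if the word is repeated, the last one is reported.
lockdown_requested() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^lockdown=//p' | tail -n 1
}

# Order the modes so they can be compared; -1 for anything unrecognised.
lockdown_rank() {
    case "$1" in
        none) echo 0 ;;
        integrity) echo 1 ;;
        confidentiality) echo 2 ;;
        *) echo -1 ;;
    esac
}

# $1 = contents of the lockdown file, $2 = kernel command line.
# The kernel documents only integrity and confidentiality as lockdown= values,
# and the level can be raised but not lowered once set.
lockdown_verdict() {
    active=$(lockdown_active "$1")
    requested=$(lockdown_requested "$2")
    [ -n "$active" ] || { echo "unknown-active"; return 0; }
    [ -n "$requested" ] || { echo "no-request"; return 0; }
    a=$(lockdown_rank "$active")
    r=$(lockdown_rank "$requested")
    if [ "$r" -lt "$a" ]; then
        echo "not-lowered"      # active mode is stricter than what was asked for
    elif [ "$r" -eq "$a" ]; then
        echo "matches"
    else
        echo "not-applied"      # a stricter mode was asked for but is not active
    fi
}

# Live check, only when both files are readable on this machine.
if [ -r /sys/kernel/security/lockdown ] && [ -r /proc/cmdline ]; then
    lockdown_verdict "$(cat /sys/kernel/security/lockdown)" "$(cat /proc/cmdline)"
fi
```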
