Discover Security Projects News
openSUSE Begins Enforcing Secure Boot Kernel Lockdown
Linux distro openSUSE has begun enforcing Kernel Lockdown when Secure Boot is enabled, creating issues for many users.
Kernel Lockdown was introduced in version 5.4 of the Linux kernel and is designed to help protect the kernel from tampering and unauthorized modification, and serves as an important security feature. It works together with Secure Boot, which is a system to ensure the bootloader process is running legitimate, trusted code signed by Microsoft-controlled master keys.
While openSUSE has long supported Secure Boot, it did not have Kernel Lockdown enabled for its Tumbleweed distro. Because Tumbleweed is a rolling distro, where updates are pushed out as they become available instead of waiting for a point release, leaving Kernel Lockdown disabled made it easier for users to deal with unsigned kernel modules and drivers, such as Nvidia drivers.