Linux Lock-Down Kernel Patches Get Revived, Seeking Mainline Inclusion

An effort ongoing for a few years now has been the CONFIG_LOCK_DOWN_KERNEL patches to prevent user-space from being able to modify the kernel image with blocking the ability to load unsigned kernel modules, no writing to /dev/mem, restricting PCI BAR and MSR access, ACPI restrictions, and more. Some Linux distributions are already carrying this work in some form and enabling it with UEFI SecureBoot, but it hasn't been mainlined although could soon change...