Bug
Resolution: Unresolved
Normal
When using the kernel's lockdown flag in the Linux cmdline, like this in the boot.conf file:
params += real_root=auto rootfstype=auto iommu=force lockdown=confidentiality lsm=lockdown,yama,apparmor apparmor=1 elevator=deadline
the boot fails just after module scanning, when mounting the root partition, with this complaint (see attached image):
>> Determining root device...
!! Block device /dev/nvme0n1p14 is not a valid root device
!! Could not find the root block device in . Please specify an other value or press Enter for the same, type "shell" for a shell, or "q" to skip ...
I couldn't see any log in dmesg or in the kernel log.
My kernel has the lockdown_lsm module built in:
# CONFIG_BPF_LSM is not set
# CONFIG_IIO_ST_LSM6DSX is not set
CONFIG_LSM_MMAP_MIN_ADDR=65536
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf"