I am using AZL3 iso and customizing it for our HPE servers. I need to disable lockdown=integrity parameter in the base ISO.
I tried removing it from grub.cfg but still the OS is coming up with "lockdown=integrity" parameter. It seems the parameter is coming from somewhere else. Can you please share the correct way to update it in ISO ?
I tried it in the following file:
set timeout=0
# The use of mariner.media=CDROM is a workaround that our installer does not require
# but it is observed to be needed to boot on some hardware/SoCs.
menuentry "Azure Linux" {
search --label CDROM --set root
linux /isolinux/vmlinuz root=/dev/ram0 mariner.media=CDROM lockdown=integrity sysctl.kernel.unprivileged_bpf_disabled=1 console=tty0 console=ttyS0,115200n8
initrd /isolinux/initrd.img
}
@ankithmr are you using Secure Boot? From man page: On an EFI-enabled x86 or arm64 machine, lockdown will be automatically enabled if the system boots in EFI Secure Boot mode
I am using AZL3 iso and customizing it for our HPE servers. I need to disable lockdown=integrity parameter in the base ISO. I tried removing it from grub.cfg but still the OS is coming up with "lockdown=integrity" parameter. It seems the parameter is coming from somewhere else. Can you please share the correct way to update it in ISO ?
I tried it in the following file: