microsoft / azurelinux

Linux OS for Azure 1P services and edge appliances
MIT License

AZL3: How to remove lockdown kernel parameter in ISO #10746

Open ankithmr opened 15 hours ago

ankithmr commented 15 hours ago

I am using the AZL3 ISO and customizing it for our HPE servers. I need to disable the lockdown=integrity parameter in the base ISO. I tried removing it from grub.cfg, but the OS still comes up with the "lockdown=integrity" parameter. It seems the parameter is coming from somewhere else. Can you please share the correct way to update it in the ISO?

I tried it in the following file:

set timeout=0

# The use of mariner.media=CDROM is a workaround that our installer does not require
# but it is observed to be needed to boot on some hardware/SoCs.
menuentry "Azure Linux" {
    search --label CDROM --set root
    linux /isolinux/vmlinuz root=/dev/ram0 mariner.media=CDROM lockdown=integrity sysctl.kernel.unprivileged_bpf_disabled=1 console=tty0 console=ttyS0,115200n8
    initrd /isolinux/initrd.img
}

elsaco commented 4 hours ago

@ankithmr are you using Secure Boot? From the man page: "On an EFI-enabled x86 or arm64 machine, lockdown will be automatically enabled if the system boots in EFI Secure Boot mode."
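
A diagnostic for the question raised in this thread, added here as an example and not part of the issue or of the Azure Linux project's code: it compares the booted kernel command line, the active lockdown mode and the Secure Boot variable to indicate where lockdown is coming from. The function names and verdict labels are hypothetical; the default paths are the standard procfs, securityfs and efivarfs locations.

```shell
#!/bin/sh
# Added example: report the likely source of kernel lockdown on a booted system.
# File paths are arguments so the functions also work on saved copies.

# Value of lockdown= on the kernel command line, "absent", or "unknown".
cmdline_lockdown() {
    [ -r "$1" ] || { echo unknown; return 0; }
    v=$(tr ' ' '\n' < "$1" | sed -n 's/^lockdown=//p' | head -n 1)
    echo "${v:-absent}"
}

# Active mode from securityfs, e.g. "none [integrity] confidentiality".
active_lockdown() {
    [ -r "$1" ] || { echo unknown; return 0; }
    v=$(sed -n 's/.*\[\(.*\)\].*/\1/p' "$1")
    echo "${v:-unknown}"
}

# SecureBoot EFI variable: 4 attribute bytes followed by 1 data byte (1 = on).
secure_boot_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    b=$(od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n')
    case "$b" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Combine the three observations into one verdict.
diagnose() {
    param=$(cmdline_lockdown "$1")
    mode=$(active_lockdown "$2")
    sb=$(secure_boot_state "$3")
    if [ "$param" != absent ] && [ "$param" != unknown ]; then
        echo "boot-parameter:$param"
    elif [ "$mode" = none ]; then
        echo "not-locked-down"
    elif [ "$mode" != unknown ] && [ "$sb" = enabled ]; then
        echo "secure-boot-likely:$mode"
    else
        echo "undetermined:$mode"   # e.g. mode forced at kernel build time
    fi
}

SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
diagnose /proc/cmdline /sys/kernel/security/lockdown "$SB_VAR"
```

A `boot-parameter` verdict after editing grub.cfg means the booted command line still carries the parameter, so the edited file is not the configuration the firmware actually loaded.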