Lockdown is enabled in focal, and the default mode when booted without any secure boot scheme is NONE.
When booted under a secure boot scheme, we had previously forced the CONFIDENTIALITY mode for lockdown. But we have now scaled that back, and the kernel in focal-proposed sets the mode to INTEGRITY under secure boot. This kernel should be released early next week.
Lockdown is enabled in focal, and the default mode when booted without any secure boot scheme is NONE.
When booted under a secure boot scheme, we had previously forced the CONFIDENTIALITY mode for lockdown. But we have now scaled that back, and the kernel in focal-proposed sets the mode to INTEGRITY under secure boot. This kernel should be released early next week.