From 7b8f43756cfabe9805913386c550028aa5bb3a19 Mon Sep 17 00:00:00 2001
From: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Date: Tue, 10 Sep 2024 11:37:03 +0200
Subject: [PATCH] changelog: Add entry for kernel lockdown changes

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
---
 changelog/changes/2024-09-10-kernel-lockdown.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog/changes/2024-09-10-kernel-lockdown.md

diff --git a/changelog/changes/2024-09-10-kernel-lockdown.md b/changelog/changes/2024-09-10-kernel-lockdown.md
new file mode 100644
index 0000000000..936d9aea32
--- /dev/null
+++ b/changelog/changes/2024-09-10-kernel-lockdown.md
@@ -0,0 +1 @@
+- Kernel lockdown in integrity mode is now enabled when secure boot is enabled. This prevents loading unsigned kernel modules and matches the behavior of all major distros. ([scripts#2299](https://github.com/flatcar/scripts/pull/2299))