force lockdown confidentiality mode

static/releases.html

@@ -638,7 +638,8 @@
 
                     <ul>
                         <li>kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro): fix upstream compatibility issue preventing using better hashing algorithms than sha1 for kernel module signing with BoringSSL</li>
-                        <li>kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro): switch from standard GKI kernel module signing (used to enforce protected symbol rules for vendor modules) to forced kernel module signing as an additional lower level layer of security beyond the verification already provided by dm-verity and SELinux</li>
+                        <li>kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro): switch from standard GKI kernel module signing (used to enforce protected symbol rules for vendor modules) to forced kernel module signing as an additional lower level layer of security beyond the verification already provided by verified boot and SELinux</li>
+                        <li>kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro): enable lockdown LSM in forced confidentiality mode as an additional laower level layer of security beyond the verification already provided by verified boot and SELinux</li>
                         <li>Pixel 7, Pixel 7 Pro: handle readlink system call failing in a friendlier way for detection of the camera service executable</li>
                         <li>Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro: add back Pixel charger mode image overrides removed in the <a href="#2022101600">2022101600</a> release (fallback images aren't included on the Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7 and Pixel 7 Pro so these images were completely missing on those devices)
                         <li>backport fix for crosvm locking up after suspend/resume</li>