What’s New in Linux Kernel 5.4? Key Features, Security Lockdown & exFAT Support

Kernel Lockdown for Enhanced Security

The 5.4 kernel introduces a kernel lockdown feature that restricts access to privileged kernel functionality. When enabled, even a process with full root privileges cannot load unsigned modules, modify kernel code, or invoke certain syscalls that could compromise the integrity or confidentiality of the running kernel.

Two lockdown modes are defined:

Integrity mode – disables kernel functions that can modify the running kernel (e.g., module loading, kexec, ftrace, bpf loading of privileged programs).

Confidentiality mode – adds the restrictions of integrity mode and additionally disables functions that could expose kernel secrets (e.g., access to raw memory via /dev/mem, certain debugfs entries).

The mode is selected at boot via the kernel command‑line option lockdown=integrity or lockdown=confidentiality, and the feature is gated by the configuration option CONFIG_LOCK_DOWN_KERNEL. By default the lockdown module is disabled, and it is primarily targeted at device manufacturers and enterprise‑focused Linux distributions.

Native exFAT Filesystem Support

Microsoft has released the exFAT source code under an open licence. Linux kernel 5.4 incorporates this code as a built‑in driver, eliminating the need for external userspace libraries (such as exfat-fuse or exfat-utils) to mount or format exFAT volumes. The driver is enabled with the configuration option CONFIG_EXFAT_FS and supports standard exFAT features, including large (>4 GB) files and modern allocation policies.

Other Notable Additions in Linux 5.4

Support for Qualcomm Snapdragon 855 System‑on‑Chip.

Updated graphics drivers for recent AMD and Intel GPUs.

Improved ARM client support, allowing the mainline kernel to run on a broader range of ARM devices.

Intel Ice Lake Thunderbolt controller support.

Driver for the FlySky FS‑iA6B UAV receiver.

VirtIO‑FS implementation, enabling efficient file and directory sharing between host and guest in virtual machines.

Enhanced FSCRYPT support for per‑file encryption.

Various bug fixes and performance improvements for existing filesystems, including Btrfs.

The Linux 5.4 release is scheduled for the end of November 2019.