I was just reading the Exploit Projections section in the Features overview, and saw this bit (emphasis added):
Forced kernel module signing with per-build RSA 4096 / SHA256 keys and lockdown mode set to forced confidentiality mode help to enforce a low-level boundary between the kernel and userspace even if mistakes are made in SELinux policy or there's a deep userspace compromise.
What does it mean when it says lockdown mode set to forced confidentiality mode?
In regular Android, Lockdown Mode disables notifications, and removes face/fingerprint sign on, and other smart sign on methods such as Bluetooth and location, which don't exist in GrapheneOS. What are the effects of setting a device running GrapheneOS to Lockdown Mode?