2024-05-11 10:18:36 +07:00
|
|
|
## Copyright (C) 2023 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
2023-10-22 20:36:03 +07:00
|
|
|
## See the file COPYING for copying conditions.
|
|
|
|
|
|
2024-07-17 22:40:51 +07:00
|
|
|
## Remount Secure provides enhanced security via mount options:
|
2023-10-22 20:36:03 +07:00
|
|
|
## https://www.kicksecure.com/wiki/Security-misc#Remount_Secure
|
|
|
|
|
|
2024-07-14 22:56:25 +07:00
|
|
|
## Option A (No Security):
|
2023-10-23 03:12:26 +07:00
|
|
|
## Disable Remount Secure.
|
2024-07-14 22:56:25 +07:00
|
|
|
##
|
2023-10-23 03:22:08 +07:00
|
|
|
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=0"
|
2023-10-22 20:36:03 +07:00
|
|
|
|
2024-07-14 22:56:25 +07:00
|
|
|
## Option B (Low Security):
|
|
|
|
|
## Re-mount with nodev and nosuid only.
|
|
|
|
|
##
|
2023-10-23 03:22:08 +07:00
|
|
|
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=1"
|
2023-10-23 03:12:26 +07:00
|
|
|
|
2024-07-14 22:56:25 +07:00
|
|
|
## Option C (Medium Security):
|
|
|
|
|
## Re-mount with nodev, nosuid, and noexec for most mount points, excluding /home.
|
|
|
|
|
##
|
2023-10-23 03:22:08 +07:00
|
|
|
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=2"
|
2023-10-23 03:12:26 +07:00
|
|
|
|
2024-07-17 22:40:51 +07:00
|
|
|
## Option D (Highest Security):
|
2024-07-17 19:39:20 +07:00
|
|
|
## Re-mount with nodev, nosuid, and noexec for all mount points including /home.
|
2024-07-14 22:56:25 +07:00
|
|
|
##
|
2023-10-23 03:22:08 +07:00
|
|
|
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=3"
|
