2024-12-08 16:21:27 +07:00
|
|
|
## Copyright (C) 2024 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
|
|
|
|
## See the file COPYING for copying conditions.
|
|
|
|
|
|
|
|
|
|
## Definitions:
|
|
|
|
|
## KSPP=yes: compliant with recommendations by the KSPP
|
|
|
|
|
## KSPP=partial: partially compliant with recommendations by the KSPP
|
|
|
|
|
## KSPP=no: not (currently) compliant with recommendations by the KSPP
|
|
|
|
|
## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.
|
|
|
|
|
|
2024-12-17 18:40:38 +07:00
|
|
|
## Disable access to single-user (recovery) mode.
|
|
|
|
|
##
|
2024-12-08 16:21:27 +07:00
|
|
|
## https://forums.kicksecure.com/t/remove-linux-recovery-mode-boot-option-from-default-grub-boot-menu/727
|
2024-12-17 18:40:38 +07:00
|
|
|
##
|
|
|
|
|
GRUB_DISABLE_RECOVERY="true"
|
2024-12-08 16:21:27 +07:00
|
|
|
|
|
|
|
|
## Disable access to Dracut's recovery console.
|
2024-12-17 18:40:38 +07:00
|
|
|
##
|
2024-12-08 16:21:27 +07:00
|
|
|
## https://forums.kicksecure.com/t/harden-dracut-initramfs-generator-by-disabling-recovery-console/724
|
2024-12-17 18:40:38 +07:00
|
|
|
##
|
|
|
|
|
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT rd.emergency=halt"
|
|
|
|
|
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT rd.shell=0"
|
