From 11382881b56556741fad5f0291ccb57a24e9c617 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@whonix.org>
Date: Sun, 22 Oct 2023 16:12:26 -0400
Subject: [PATCH] comments

---
 etc/default/grub.d/40_remmount-secure.cfg | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/etc/default/grub.d/40_remmount-secure.cfg b/etc/default/grub.d/40_remmount-secure.cfg
index b012d6d..76e9f45 100644
--- a/etc/default/grub.d/40_remmount-secure.cfg
+++ b/etc/default/grub.d/40_remmount-secure.cfg
@@ -3,8 +3,14 @@
 
 ## https://www.kicksecure.com/wiki/Security-misc#Remount_Secure
 
-## Re-mount with nodev, nosuid.
-#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=1"
+## Disable Remount Secure.
+#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure="0"
 
-## Re-mount with nodev, nosuid, noexec.
-#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=noexec"
+## Re-mount with nodev, nosuid only.
+#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure="1"
+
+## Re-mount with nodev, nosuid and most with noexec except for /home.
+#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure="2"
+
+## Re-mount with nodev, nosuid and all with noexec including /home.
+#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure="3"