Update description of cfi=kcfi kerenel parameter

etc/default/grub.d/40_kernel_hardening.cfg

@@ -113,14 +113,14 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX debugfs=off"
 #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX quiet"
 
 ## Switch (back) to using kCFI as the default Control Flow Integrity (CFI) implementation.
-## As of Linux kernel 6.2, FineIBT has been selected to be the default implementation.
-## The Intel-developed IBT (Indirect Branch Tracking) is only used if there is support by the CPU.
+## The default implementation is FIneIBT as of Linux kernel 6.2.
+## The Intel-developed IBT (Indirect Branch Tracking) is only used if supported by the CPU.
 ## kCFI is software-only while FineIBT is a hybrid software/hardware implementation.
 ## FineIBT may result in some performance benefits as it only performs checking at destinations.
-## FineIBT is considered weaker against attacks that can write arbitrary executable in memory.
-## Upstream hardening has given users the ability to disable FineIBT based on requests.
+## FineIBT is considered weaker against attacks that can write arbitrary executables into memory.
+## Upstream hardening work has provided users the ability to disable FineIBT based on requests.
 ## Choice of CFI implementation is highly dependent on user threat model as there are pros/cons to both.
-## Do not modify from default if unsure of implications.
+## Do not modify from the default setting if unsure of implications.
 ##
 ## https://lore.kernel.org/all/20221027092842.699804264@infradead.org/
 ## https://lore.kernel.org/lkml/202210010918.4918F847C4@keescook/T/#u
@@ -132,6 +132,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX debugfs=off"
 ## https://lpc.events/event/16/contributions/1315/attachments/1067/2169/cfi.pdf
 ## https://forums.whonix.org/t/kernel-hardening-security-misc/7296/561
 ##
+## TODO: Debian 13 Trixie
 ## Applicable when using Linux kernel >= 6.2 (retained here for future-proofing and completeness).
 ##
 #cfi=kcfi