minor

etc/default/grub.d/40_cpu_mitigations.cfg

@@ -109,9 +109,9 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX retbleed=auto,nosmt"
 ##
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX gather_data_sampling=force"
 
-## Enable Register File Data Sampling (RFDS) mitigation on Intel Atom CPUs which 
+## Enable Register File Data Sampling (RFDS) mitigation on Intel Atom CPUs which
 ## encompasses E-cores on hybrid architectures.
 ##
 ## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/reg-file-data-sampling.html
 ##
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX reg_file_data_sampling=on"
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX reg_file_data_sampling=on"

etc/default/grub.d/40_kernel_hardening.cfg

@@ -82,7 +82,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX debugfs=off"
 ## Can sometimes potentially indicate and thwart certain kernel exploitation attempts.
 ## Also cause panics on machine check exceptions.
 ## Panics may be due to false-positives such as bad drivers.
-## 
+##
 ## https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713
 ##
 ## See /usr/libexec/security-misc/panic-on-oops for implementation.
@@ -157,7 +157,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX efi=disable_early_pci_dma"
 
 ## Do not credit the CPU or bootloader seeds as entropy sources at boot.
 ## The RDRAND CPU (RNG) instructions are proprietary and closed-source.
-## Numerous implementations of RDRAND have a long history of being defective. 
+## Numerous implementations of RDRAND have a long history of being defective.
 ## The RNG seed passed by the bootloader could also potentially be tampered.
 ## Maximising the entropy pool at boot is desirable for all cryptographic operations.
 ## These settings ensure additional entropy is obtained from other sources to initialise the RNG.
@@ -191,10 +191,10 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX extra_latent_entropy"
 
 ## Disable the entire IPv6 stack functionality.
 ## Removes attack surface associated with the IPv6 module.
-## 
+##
 ## https://www.kernel.org/doc/html/latest/networking/ipv6.html
 ## https://wiki.archlinux.org/title/IPv6#Disable_IPv6
 ##
 ## Enabling makes redundant many network hardening sysctl's in usr/lib/sysctl.d/990-security-misc.conf.
 ##
-#ipv6.disable=1
+#ipv6.disable=1

etc/default/grub.d/40_remount_secure.cfg

@@ -1,7 +1,7 @@
 ## Copyright (C) 2023 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
 ## See the file COPYING for copying conditions.
 
-## Remount Secure provides enhanced security via mmount options: 
+## Remount Secure provides enhanced security via mmount options:
 ## https://www.kicksecure.com/wiki/Security-misc#Remount_Secure
 
 ## Option A (No Security):
@@ -20,6 +20,6 @@
 #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=2"
 
 ## Option D (Highest Security)
-## Re-mount with nodev, nosuid, and noexec for all mount points including /home. 
+## Re-mount with nodev, nosuid, and noexec for all mount points including /home.
 ##
 #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=3"

etc/default/grub.d/41_quiet_boot.cfg

@@ -26,4 +26,4 @@ GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT quiet"
 
 ## For Increased Log Verbosity:
 ## Adjust (or comment out) the kernel.printk sysctl in /usr/lib/sysctl.d/30_silent-kernel-printk.conf.
-## Alternatively, installing the debug-misc package will undo these settings.
+## Alternatively, installing the debug-misc package will undo these settings.