From f57702c1589047f5d0eff7a7bdffb928117532f6 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Tue, 5 Nov 2019 09:55:43 -0500
Subject: [PATCH] comments; copyright
---
 etc/default/grub.d/40_enable_iommu.cfg | 5 ++++-
 etc/default/grub.d/40_kernel_hardening.cfg | 17 ++++++++++-------
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/etc/default/grub.d/40_enable_iommu.cfg b/etc/default/grub.d/40_enable_iommu.cfg
index 8e2baff..1d6dd0a 100644
--- a/etc/default/grub.d/40_enable_iommu.cfg
+++ b/etc/default/grub.d/40_enable_iommu.cfg
@@ -1,2 +1,5 @@
-# Enables IOMMU to prevent DMA attacks.
+## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP
+## See the file COPYING for copying conditions.
+
+## Enables IOMMU to prevent DMA attacks.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX intel_iommu=on amd_iommu=on"
diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg
index 247b880..038a7de 100644
--- a/etc/default/grub.d/40_kernel_hardening.cfg
+++ b/etc/default/grub.d/40_kernel_hardening.cfg
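Review bot: In etc/default/grub.d/40_enable_iommu.cfg the rewritten comment still says the line "prevents DMA attacks", which is more than the two tokens deliver, and the unchanged context line passes `amd_iommu=on`, which as far as I know is not a documented value (kernel-parameters.txt lists `fullflush`, `off` and `force_isolation` for `amd_iommu=`), so that token is probably ignored. The AMD driver normally initialises on its own when firmware exposes the IOMMU, so the comment should not imply that this file is what turns it on. Suggested wording: `## Requests IOMMU DMA remapping to limit DMA attacks from peripherals; requires VT-d / AMD-Vi to be enabled in firmware.` A second comment line pointing at `dmesg | grep -i -e DMAR -e AMD-Vi` would let an administrator confirm after boot that remapping is actually active.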
@@ -1,18 +1,21 @@
-# Disables the merging of slabs of similar sizes. Sometimes a slab can be used in a vulnerable way which an attacker can exploit.
+## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP
+## See the file COPYING for copying conditions.
+
+## Disables the merging of slabs of similar sizes. Sometimes a slab can be used in a vulnerable way which an attacker can exploit.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge"
 
-# Enables sanity checks (F), redzoning (Z) and poisoning (P).
+## Enables sanity checks (F), redzoning (Z) and poisoning (P).
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZP"
 
-# Wipes free memory so it can't leak in various ways and prevents some use-after-free vulnerabilites.
+## Wipes free memory so it can't leak in various ways and prevents some use-after-free vulnerabilites.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_poison=1"
 
-# Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit.
+## Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0"
 
-# Enables Kernel Page Table Isolation which mitigates Meltdown and improves KASLR.
+## Enables Kernel Page Table Isolation which mitigates Meltdown and improves KASLR.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX pti=on"
 
-# Enables all mitigations for the MDS vulnerability.
-# Disables smt which can be used to exploit the MDS vulnerability.
+## Enables all mitigations for the MDS vulnerability.
+## Disables smt which can be used to exploit the MDS vulnerability.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"
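Review bot: Several of the new `##` comments in 40_kernel_hardening.cfg state an outcome that the parameter delivers only conditionally, and the `page_poison=1` comment carries the typo "vulnerabilites" over into the rewritten line. `page_poison=1` has an effect only on kernels built with CONFIG_PAGE_POISONING, and `mds=full,nosmt` disables SMT only on CPUs the kernel considers affected, so I would write `## Poisons freed pages so stale data does not leak and some use-after-free bugs are caught (needs CONFIG_PAGE_POISONING).` and `## Disables SMT on CPUs affected by MDS.` The `slub_debug=FZP` comment should also mention the allocator overhead, since that is the usual reason the option gets removed later. A closing comment naming `/proc/cmdline` and `/sys/devices/system/cpu/vulnerabilities/mds` as the places to confirm the settings after `update-grub` and a reboot would make the file self-checking.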