## Copyright (C) 2023 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## Definitions:
## KSPP=yes: compliant with recommendations by the KSPP
## KSPP=partial: partially compliant with recommendations by the KSPP
## KSPP=no: not (currently) compliant with recommendations by the KSPP
## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.

## Remount Secure provides enhanced security via mount options:
## https://www.kicksecure.com/wiki/Security-misc#Remount_Secure

## Option A (No Security):
## Disable Remount Secure.
##
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=0"

## Option B (Low Security):
## Re-mount with nodev and nosuid only.
##
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=1"

## Option C (Medium Security):
## Re-mount with nodev, nosuid, and noexec for most mount points, excluding /home.
##
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=2"

## Option D (Highest Security):
## Re-mount with nodev, nosuid, and noexec for all mount points including /home.
##
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=3"