2024-05-10 23:18:36 -04:00
|
|
|
## Copyright (C) 2023 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
2023-10-22 09:36:03 -04:00
|
|
|
## See the file COPYING for copying conditions.
|
|
|
|
|
|
2024-07-17 11:40:51 -04:00
|
|
|
## Remount Secure provides enhanced security via mount options:
|
2023-10-22 09:36:03 -04:00
|
|
|
## https://www.kicksecure.com/wiki/Security-misc#Remount_Secure
|
|
|
|
|
|
2024-07-14 11:56:25 -04:00
|
|
|
## Option A (No Security):
|
2023-10-22 16:12:26 -04:00
|
|
|
## Disable Remount Secure.
|
2024-07-14 11:56:25 -04:00
|
|
|
##
|
2023-10-22 16:22:08 -04:00
|
|
|
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=0"
|
2023-10-22 09:36:03 -04:00
|
|
|
|
2024-07-14 11:56:25 -04:00
|
|
|
## Option B (Low Security):
|
|
|
|
|
## Re-mount with nodev and nosuid only.
|
|
|
|
|
##
|
2023-10-22 16:22:08 -04:00
|
|
|
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=1"
|
2023-10-22 16:12:26 -04:00
|
|
|
|
2024-07-14 11:56:25 -04:00
|
|
|
## Option C (Medium Security):
|
|
|
|
|
## Re-mount with nodev, nosuid, and noexec for most mount points, excluding /home.
|
|
|
|
|
##
|
2023-10-22 16:22:08 -04:00
|
|
|
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=2"
|
2023-10-22 16:12:26 -04:00
|
|
|
|
2024-07-17 11:40:51 -04:00
|
|
|
## Option D (Highest Security):
|
2024-07-17 08:39:20 -04:00
|
|
|
## Re-mount with nodev, nosuid, and noexec for all mount points including /home.
|
2024-07-14 11:56:25 -04:00
|
|
|
##
|
2023-10-22 16:22:08 -04:00
|
|
|
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=3"
|
