diff --git a/etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared b/etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared
index 39b04c5..c8209f5 100644
--- a/etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared
+++ b/etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared
@@ -288,6 +288,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX efi=disable_early_pci_dma"
 ## The RNG seed passed by the bootloader could also potentially be tampered.
 ## Maximizing the entropy pool at boot is desirable for all cryptographic operations.
 ## These settings ensure additional entropy is obtained from other sources to initialize the RNG.
+## RDSEED instructions also rely on periodic reseeds from the same underlying entropy sources.
 ## Note that distrusting these (relatively fast) sources of entropy will increase boot time.
 ##
 ## https://en.wikipedia.org/wiki/RDRAND#Reception
@@ -299,6 +300,8 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX efi=disable_early_pci_dma"
 ## https://forums.whonix.org/t/entropy-config-random-trust-cpu-yes-or-no-rng-core-default-quality/8566
 ## https://github.com/NixOS/nixpkgs/pull/165355
 ## https://lkml.org/lkml/2022/6/5/271
+## https://lwn.net/Articles/961121/
+## https://lore.kernel.org/lkml/aPFDn-4Cm6n0_3_e@gourry-fedora-PF4VCD3F/
 ##
 ## KSPP=yes
 ## KSPP sets CONFIG_RANDOM_TRUST_BOOTLOADER=y and CONFIG_RANDOM_TRUST_CPU=y.