From 1f75426f079d6e0aecd8fac22088ad36a7c16398 Mon Sep 17 00:00:00 2001 From: raja-grewal Date: Sat, 16 Aug 2025 02:20:00 +0000 Subject: [PATCH] Clarify docs for disabling 32-bit x86 support --- README.md | 2 +- etc/default/grub.d/40_kernel_hardening.cfg | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e853332..2239824 100644 --- a/README.md +++ b/README.md @@ -224,7 +224,7 @@ Kernel space: since it may be slightly more resilient to attacks that are able to write arbitrary executables in memory. -- Optional - Disable support for all x86 processes and syscalls to reduce attack surface. +- Optional - Disable support for all 32-bit x86 processes and syscalls to reduce attack surface. - Disable the EFI persistent storage feature which prevents the kernel from writing crash logs and other persistent data to either the UEFI variable storage or ACPI ERST backends. diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg index 1f3cc7c..0e6cbfe 100644 --- a/etc/default/grub.d/40_kernel_hardening.cfg +++ b/etc/default/grub.d/40_kernel_hardening.cfg @@ -210,7 +210,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vdso32=0" ## #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX cfi=kcfi" -## Disable support for x86 processes and syscalls. +## Disable support for all 32-bit x86 processes and syscalls. ## Unconditionally disables IA32 emulation to substantially reduce attack surface. ## ## https://lore.kernel.org/all/20230623111409.3047467-7-nik.borisov@suse.com/
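Review bot: In the README.md hunk, the reworded bullet is marked "Optional" but does not say what the user gives up by enabling it. Consider adding that 32-bit x86 binaries will no longer run once it is set. Using the term "IA32 emulation" from the 40_kernel_hardening.cfg comment would also let readers match the README entry to the config entry by search.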
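Review bot: In the etc/default/grub.d/40_kernel_hardening.cfg hunk, the updated comment does not carry the "Optional" marker that the README bullet uses for the same setting, so someone reading only the config file cannot tell from these lines whether it is meant to be on by default. Suggest stating that in the comment block, next to "Unconditionally disables IA32 emulation", and saying there that 32-bit binaries stop working when it is applied.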