Merge remote-tracking branch 'raja/trixie_docs' into arraybolt3/trixie

2025-11-27 16:40:53 -05:00 · 2025-08-16 21:10:19 -05:00 · 2025-08-16 21:10:19 -05:00 · 7a8dfa528c
commit 7a8dfa528c
parent cba16879ef 1f75426f07
2 changed files with 2 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -223,7 +223,7 @@ Kernel space:
 - Use kCFI as the default CFI implementation as it is more resilient to attacks that are
  able to write arbitrary executables into memory omitting the necessary hash validation.
- Optional - Disable support for all x86 processes and syscalls to reduce attack surface.
+- Optional - Disable support for all 32-bit x86 processes and syscalls to reduce attack surface.
 - Disable the EFI persistent storage feature which prevents the kernel from writing crash logs
  and other persistent data to either the UEFI variable storage or ACPI ERST backends.
--- a/etc/default/grub.d/40_kernel_hardening.cfg
+++ b/etc/default/grub.d/40_kernel_hardening.cfg
@ -206,7 +206,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vdso32=0"
 ##
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX cfi=kcfi"
-## Disable support for x86 processes and syscalls.
+## Disable support for all 32-bit x86 processes and syscalls.
 ## Unconditionally disables IA32 emulation to substantially reduce attack surface.
 ##
 ## https://lore.kernel.org/all/20230623111409.3047467-7-nik.borisov@suse.com/