remove Debian buster support in /etc/default/grub.d

etc/default/grub.d/40_kernel_hardening.cfg

@@ -9,26 +9,12 @@ kver="$(dpkg-query --show --showformat='${Version}' "$kpkg")" 2>/dev/null || tru
 ## Sometimes a slab can be used in a vulnerable way which an attacker can exploit.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge"
 
-if dpkg --compare-versions "$kver" ge "5.3"; then
+## Enables sanity checks (F) and redzoning (Z).
-  ## Enables sanity checks (F) and redzoning (Z).
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZ"
-  GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZ"
 
-  #echo "## $kver grater or equal 5.3: yes"
+echo "## $kver grater or equal 5.3: yes"
-  ## Zero memory at allocation and free time.
+## Zero memory at allocation and free time.
-  GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX init_on_alloc=1 init_on_free=1"
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX init_on_alloc=1 init_on_free=1"
-else
-  #echo "## $kver grater or equal 5.3: no"
-  ## SLUB poisoning and page poisoning is used if the kernel
-  ## does not yet support init_on_{,alloc,free}.
-  GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZP"
-
-  if command -v "qubesdb-read" >/dev/null 2>&1 ; then
-     ## https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012
-     true "skip adding page_poison=1 in Qubes"
-  else
-     GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_poison=1"
-  fi
-fi
 
 ## Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0"
@@ -40,9 +26,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX pti=on"
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vsyscall=none"
 
 ## Enables page allocator freelist randomization.
-if dpkg --compare-versions "${kver}" ge "5.2"; then
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_alloc.shuffle=1"
-  GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_alloc.shuffle=1"
-fi
 
 ## Enables kernel lockdown.
 ##