comments

etc/modprobe.d/30_security-misc_disable.conf

@@ -1,7 +1,7 @@
 ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
 ## See the file COPYING for copying conditions.
 
-## See the following links for a community discussion and overview regarding the selections.
+## See the following links for a community discussion and overview regarding the selections:
 ## https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989
 ## https://madaidans-insecurities.github.io/guides/linux-hardening.html#kasr-kernel-modules
 
@@ -17,11 +17,11 @@
 ## 1. Hardware:
 
 ## Bluetooth:
-## Disable Bluetooth to reduce attack surface due to extended history of security vulnerabilities.
+## Disable Bluetooth to reduce the attack surface due to its long history of security vulnerabilities.
 ##
 ## https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns
 ##
-## Now replaced by a privacy and security preserving default Bluetooth configuration for better usability.
+## Now replaced with a privacy- and security-preserving default Bluetooth configuration for better usability.
 ## https://github.com/Kicksecure/security-misc/pull/145
 ##
 #install bluetooth /usr/bin/disabled-bluetooth-by-security-misc
@@ -43,7 +43,7 @@
 #install virtio_bt /usr/bin/disabled-bluetooth-by-security-misc
 
 ## FireWire (IEEE 1394):
-## Disable IEEE 1394 (FireWire/i.LINK/Lynx) modules to prevent some DMA attacks.
+## Disable IEEE 1394 (FireWire/i.LINK/Lynx) modules to prevent certain DMA attacks.
 ##
 ## https://en.wikipedia.org/wiki/IEEE_1394#Security_issues
 ##
@@ -70,9 +70,9 @@ install gnss-usb /usr/bin/disabled-gps-by-security-misc
 
 ## Intel Management Engine (ME):
 ## Partially disable the Intel ME interface with the OS.
-## ME functionality has increasing become more intertwined with basic Intel system operation.
+## ME functionality has increasingly become intertwined with basic Intel system operation.
-## Disabling may lead to breakages in numerous places without clear debugging/error messages.
+## Disabling it may lead to breakages in various components without clear debugging/error messages.
-## May cause issues with firmware updates, security, power management, display, and DRM.
+## It may affect firmware updates, security, power management, display, and DRM.
 ##
 ## https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html
 ## https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities
@@ -94,7 +94,7 @@ install gnss-usb /usr/bin/disabled-gps-by-security-misc
 #install microread_mei /usr/bin/disabled-intelme-by-security-misc
 
 ## Intel Platform Monitoring Technology (PMT) Telemetry:
-## Disable some functionality of the Intel PMT components.
+## Disable certain functionalities of the Intel PMT components.
 ##
 ## https://github.com/intel/Intel-PMT
 ##
@@ -103,7 +103,7 @@ install pmt_crashlog /usr/bin/disabled-intelpmt-by-security-misc
 install pmt_telemetry /usr/bin/disabled-intelpmt-by-security-misc
 
 ## Thunderbolt:
-## Disables Thunderbolt modules to prevent some DMA attacks.
+## Disable Thunderbolt modules to prevent certain DMA attacks.
 ##
 ## https://en.wikipedia.org/wiki/Thunderbolt_(interface)#Security_vulnerabilities
 ##