An area of potential hardening involves removing debug interfaces like `debugfs` that could expose the kernel at boot. I am proposing adding the following command line option: ``` debugfs=off ```