diff --git a/etc/default/grub.d/40_cpu_mitigations.cfg b/etc/default/grub.d/40_cpu_mitigations.cfg
index d40cb956..90a6f80a 100644
--- a/etc/default/grub.d/40_cpu_mitigations.cfg
+++ b/etc/default/grub.d/40_cpu_mitigations.cfg
@@ -167,7 +167,8 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kvm.mitigate_smt_rsb=1"
 ## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html
 ##
 ## The default kernel setting will be utilized until provided sufficient evidence to modify.
-## Using "spec_rstack_overflow=ipbp" may provide stronger security at a greater performance impact.
+## Using "spec_rstack_overflow=ibpb" may provide superior protection to the default software-based approach.
+## The use of hardware barriers may be more effective while possibly incurring a greater performance loss.
 ##
 #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spec_rstack_overflow=safe-ret"