diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2019-01-05 13:50:36 +0100 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2019-01-05 14:07:39 +0100 |
| commit | 167578163a5031e8d7519b010824499db73fa62f (patch) | |
| tree | 17f2a24618eb7a10dab6123ffe11377472fd2a55 /nixos | |
| parent | 3f1f44312536ef93b3591cabe141166cac23b8db (diff) | |
| download | nixlib-167578163a5031e8d7519b010824499db73fa62f.tar nixlib-167578163a5031e8d7519b010824499db73fa62f.tar.gz nixlib-167578163a5031e8d7519b010824499db73fa62f.tar.bz2 nixlib-167578163a5031e8d7519b010824499db73fa62f.tar.lz nixlib-167578163a5031e8d7519b010824499db73fa62f.tar.xz nixlib-167578163a5031e8d7519b010824499db73fa62f.tar.zst nixlib-167578163a5031e8d7519b010824499db73fa62f.zip | |
nixos/hardened profile: always enable pti
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/profiles/hardened.nix | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index aa9ea2c9a357..9ab2ee87a19e 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -40,6 +40,9 @@ with lib; # Disable legacy virtual syscalls "vsyscall=none" + + # Enable PTI even if CPU claims to be safe from meltdown + "pti=on" ]; boot.blacklistedKernelModules = [ |