diff options
author | K900 <me@0upti.me> | 2023-10-30 11:11:15 +0300 |
---|---|---|
committer | K900 <me@0upti.me> | 2023-10-30 11:11:15 +0300 |
commit | be33098cfffff918ac527888058436ee193b6cd6 (patch) | |
tree | 00b293ba289eec39c0cf44e81d54106da85b7235 | |
parent | 419eba9ab1a86c5fb01cee802ee47120c8efa78f (diff) | |
download | nixpkgs-be33098cfffff918ac527888058436ee193b6cd6.tar nixpkgs-be33098cfffff918ac527888058436ee193b6cd6.tar.gz nixpkgs-be33098cfffff918ac527888058436ee193b6cd6.tar.bz2 nixpkgs-be33098cfffff918ac527888058436ee193b6cd6.tar.lz nixpkgs-be33098cfffff918ac527888058436ee193b6cd6.tar.xz nixpkgs-be33098cfffff918ac527888058436ee193b6cd6.tar.zst nixpkgs-be33098cfffff918ac527888058436ee193b6cd6.zip |
linux/common-config: enable new security features for 6.6
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index ceb34fe0c76..0f59d3ac7aa 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -558,6 +558,8 @@ let PERSISTENT_KEYRINGS = yes; # enable temporary caching of the last request_key() result KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; + # randomized slab caches + RANDOM_KMALLOC_CACHES = whenAtLeast "6.6" yes; } // optionalAttrs stdenv.hostPlatform.isx86_64 { # Enable Intel SGX X86_SGX = whenAtLeast "5.11" yes; @@ -572,6 +574,8 @@ let KVM_AMD_SEV = yes; # AMD SEV-SNP SEV_GUEST = whenAtLeast "5.19" module; + # Shadow stacks + X86_USER_SHADOW_STACK = whenAtLeast "6.6" yes; }; microcode = { |