diff options
author | Marek Mahut <marek.mahut@gmail.com> | 2019-07-19 15:49:37 +0200 |
---|---|---|
committer | Marek Mahut <marek.mahut@gmail.com> | 2019-07-19 15:49:37 +0200 |
commit | e72f25673df16021bc91bfa6a92d10bacf33055b (patch) | |
tree | 3cf4383e7839b202171aaf292d40fdb696a2589b /nixos/modules/security/misc.nix | |
parent | 663542ad0483131e8c36742283191a8f40a7363d (diff) | |
download | nixpkgs-e72f25673df16021bc91bfa6a92d10bacf33055b.tar nixpkgs-e72f25673df16021bc91bfa6a92d10bacf33055b.tar.gz nixpkgs-e72f25673df16021bc91bfa6a92d10bacf33055b.tar.bz2 nixpkgs-e72f25673df16021bc91bfa6a92d10bacf33055b.tar.lz nixpkgs-e72f25673df16021bc91bfa6a92d10bacf33055b.tar.xz nixpkgs-e72f25673df16021bc91bfa6a92d10bacf33055b.tar.zst nixpkgs-e72f25673df16021bc91bfa6a92d10bacf33055b.zip |
Renaming security.virtualization.flushL1DataCache to virtualisation
Fixes #65044
Diffstat (limited to 'nixos/modules/security/misc.nix')
-rw-r--r-- | nixos/modules/security/misc.nix | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/nixos/modules/security/misc.nix b/nixos/modules/security/misc.nix index bf474ac0a54..2a7f07ef6db 100644 --- a/nixos/modules/security/misc.nix +++ b/nixos/modules/security/misc.nix @@ -48,13 +48,13 @@ with lib; e.g., shared caches). This attack vector is unproven. Disabling SMT is a supplement to the L1 data cache flushing mitigation - (see <xref linkend="opt-security.virtualization.flushL1DataCache"/>) + (see <xref linkend="opt-security.virtualisation.flushL1DataCache"/>) versus malicious VM guests (SMT could "bring back" previously flushed data). ''; }; - security.virtualization.flushL1DataCache = mkOption { + security.virtualisation.flushL1DataCache = mkOption { type = types.nullOr (types.enum [ "never" "cond" "always" ]); default = null; description = '' @@ -114,8 +114,8 @@ with lib; boot.kernelParams = [ "nosmt" ]; }) - (mkIf (config.security.virtualization.flushL1DataCache != null) { - boot.kernelParams = [ "kvm-intel.vmentry_l1d_flush=${config.security.virtualization.flushL1DataCache}" ]; + (mkIf (config.security.virtualisation.flushL1DataCache != null) { + boot.kernelParams = [ "kvm-intel.vmentry_l1d_flush=${config.security.virtualisation.flushL1DataCache}" ]; }) ]; } |