diff options
| author | Vincent Haupert <mail@vincent-haupert.de> | 2021-11-29 08:03:26 +0100 |
|---|---|---|
| committer | Vincent Haupert <mail@vincent-haupert.de> | 2021-11-29 08:03:26 +0100 |
| commit | 1f65b4c41697b20d5efb3fa4282760f32e5546ae (patch) | |
| tree | cf9bdfa6c3511588b39e78aa5a2e83dc9c6f858c /pkgs/os-specific/linux/kernel/common-config.nix | |
| parent | f4c450e862928000144e823c643bf218ebd498d2 (diff) | |
| download | nixpkgs-1f65b4c41697b20d5efb3fa4282760f32e5546ae.tar nixpkgs-1f65b4c41697b20d5efb3fa4282760f32e5546ae.tar.gz nixpkgs-1f65b4c41697b20d5efb3fa4282760f32e5546ae.tar.bz2 nixpkgs-1f65b4c41697b20d5efb3fa4282760f32e5546ae.tar.lz nixpkgs-1f65b4c41697b20d5efb3fa4282760f32e5546ae.tar.xz nixpkgs-1f65b4c41697b20d5efb3fa4282760f32e5546ae.tar.zst nixpkgs-1f65b4c41697b20d5efb3fa4282760f32e5546ae.zip | |
linux: enable X86_SGX and X86_SGX_KVM on x86
Enable Intel Software Guard eXtensions (SGX) on x86 when using Linux 5.11.0 or later. Also enable KVM guests to create SGX enclaves if running Linux 5.13.0 or later.
Diffstat (limited to 'pkgs/os-specific/linux/kernel/common-config.nix')
| -rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 9ddb4ef3800..ebaec16d6d9 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -473,6 +473,11 @@ let # Detect buffer overflows on the stack CC_STACKPROTECTOR_REGULAR = {optional = true; tristate = whenOlder "4.18" "y";}; + } // optionalAttrs stdenv.hostPlatform.isx86 { + # Enable Intel SGX + X86_SGX = whenAtLeast "5.11" yes; + # Allow KVM guests to load SGX enclaves + X86_SGX_KVM = whenAtLeast "5.13" yes; }; microcode = { |