diff options
Diffstat (limited to 'pkgs/os-specific/linux/kernel/common-config.nix')
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index fb583551f1b..2954ee8f78b 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -562,6 +562,13 @@ let KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; # randomized slab caches RANDOM_KMALLOC_CACHES = whenAtLeast "6.6" yes; + + # NIST SP800-90A DRBG modes - enabled by most distributions + # and required by some out-of-tree modules (ShuffleCake) + # This does not include the NSA-backdoored Dual-EC mode from the same NIST publication. + CRYPTO_DRBG_HASH = yes; + CRYPTO_DRBG_CTR = yes; + } // optionalAttrs stdenv.hostPlatform.isx86_64 { # Enable Intel SGX X86_SGX = whenAtLeast "5.11" yes; @@ -715,7 +722,6 @@ let ZSWAP = option yes; ZPOOL = yes; ZBUD = option yes; - ZSMALLOC = module; }; brcmfmac = { @@ -839,6 +845,8 @@ let CLEANCACHE = whenOlder "5.17" (option yes); CRASH_DUMP = option no; + FSCACHE_STATS = yes; + DVB_DYNAMIC_MINORS = option yes; # we use udev EFI_STUB = yes; # EFI bootloader in the bzImage itself |