diff options
Diffstat (limited to 'pkgs/os-specific/linux/kernel/common-config.nix')
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index fb583551f1b..1aedcdc7c0f 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -562,6 +562,13 @@ let KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; # randomized slab caches RANDOM_KMALLOC_CACHES = whenAtLeast "6.6" yes; + + # NIST SP800-90A DRBG modes - enabled by most distributions + # and required by some out-of-tree modules (ShuffleCake) + # This does not include the NSA-backdoored Dual-EC mode from the same NIST publication. + CRYPTO_DRBG_HASH = yes; + CRYPTO_DRBG_CTR = yes; + } // optionalAttrs stdenv.hostPlatform.isx86_64 { # Enable Intel SGX X86_SGX = whenAtLeast "5.11" yes; |