diff options
author | Graham Christensen <graham@grahamc.com> | 2022-03-24 09:14:53 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-24 09:14:53 -0400 |
commit | e492708e2f1c1748392edc9552d5aac7b47c31d0 (patch) | |
tree | b5eca6c656d951be92a08215e40cd1d99b60c084 /pkgs/os-specific | |
parent | 174c3e17413f5cab4992d2e30e3ba31bfb17464a (diff) | |
parent | a5c28278f9e49cfebad8c655f35956228c48be60 (diff) |
Merge pull request #165355 from NixOS/random-trust-bootloader
kernel: enable RANDOM_TRUST_BOOTLOADER on >= 5.4
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index ce6123a10f7f3..d3aeea3ec6210 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -479,6 +479,7 @@ let DEFAULT_SECURITY_APPARMOR = yes; RANDOM_TRUST_CPU = whenAtLeast "4.19" yes; # allow RDRAND to seed the RNG + RANDOM_TRUST_BOOTLOADER = whenAtLeast "5.4" yes; # allow the bootloader to seed the RNG MODULE_SIG = no; # r13y, generates a random key during build and bakes it in # Depends on MODULE_SIG and only really helps when you sign your modules |