cyplo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

enable 32bit emulation in hardened kernel

Browse source
This commit is contained in:
Cyryl Płotnicki 2019-07-18 23:50:46 +01:00
parent 92a7016539
commit 0cd87a03ff
3 changed files with 27 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
nixos/boxes/foureighty.nix
View file

@ -13,11 +13,29 @@
"cryptd"
];
kernelParams = [
"i915.enable_fbc=1"
"i915.enable_psr=2"
"i915.enable_rc6=7"
"mds=full"
];
kernelPatches = [ {
name = "native";
patch = null;
extraConfig = ''
SLAB_FREELIST_RANDOM y
SLAB_FREELIST_HARDENED y
REFCOUNT_FULL y
MODVERSIONS y
GENERIC_CPU n
MCORE2 y
X86_INTEL_USERCOPY y
X86_USE_PPRO_CHECKSUM y
X86_P6_NOP y
X86_INTEL_MPX y
KEXEC n
IA32_EMULATION y
X86_X32 y
'';
} ];
initrd.luks.devices = [
{
name = "root";
@ -30,6 +48,7 @@
efiSupport = true;
};
loader.efi.canTouchEfiVariables = true;
};
time.hardwareClockInLocalTime = true;
@ -38,6 +57,8 @@
hardware.trackpoint.enable = true;
services.fprintd.enable = true;
hardware.bumblebee.enable = true;
imports = [
/etc/nixos/hardware-configuration.nix
../quirks/thinkpad-cpu-throttling.nix

5
nixos/common-hardware.nix
View file

@ -20,7 +20,8 @@
Enable=Source,Sink,Media,Socket
'';
};
powerManagement.cpuFreqGovernor = (lib.mkForce null);
hardware.nvidiaOptimus.disable = true;
powerManagement.cpuFreqGovernor = (lib.mkForce null);
powerManagement.powertop.enable = true;
}

21
nixos/kernel-patches
View file

@ -1,21 +0,0 @@
kernelPatches = [ {
name = "native";
patch = null;
extraConfig = ''
SLAB_FREELIST_RANDOM y
SLAB_FREELIST_HARDENED y
CC_STACKPROTECTOR_REGULAR n
CC_STACKPROTECTOR_STRONG y
REFCOUNT_FULL y
MODVERSIONS y
GENERIC_CPU n
MCORE2 y
INTEL_RDT y
X86_INTEL_USERCOPY y
X86_USE_PPRO_CHECKSUM y
X86_P6_NOP y
X86_INTEL_MPX y
KEXEC n
'';
} ];