nixpkgs/nixos/modules/profiles
Joachim Fasting ea4f371627
nixos/security/misc: expose SMT control option
For the hardened profile disable symmetric multi threading.  There seems to be
no *proven* method of exploiting cache sharing between threads on the same CPU
core, so this may be considered quite paranoid, considering the perf cost.
SMT can be controlled at runtime, however.  This is in keeping with OpenBSD
defaults.

TODO: since SMT is left to be controlled at runtime, changing the option
definition should take effect on system activation.  Write to
/sys/devices/system/cpu/smt/control
2018-12-27 15:00:49 +01:00
..
all-hardware.nix usb-storage -> uas 2018-08-23 01:42:34 +00:00
base.nix Revert "zfs cannot be distributed. Disabling it in the isos." 2018-11-26 17:51:18 -05:00
clone-config.nix ova: add cloneConfigExtra option 2018-10-21 14:52:49 -05:00
demo.nix
docker-container.nix use closure-info for building system tarball 2018-11-07 12:52:53 +08:00
graphical.nix Merge pull request #47296 from matthewbauer/closure-size-reductions 2018-09-24 23:21:02 +02:00
hardened.nix nixos/security/misc: expose SMT control option 2018-12-27 15:00:49 +01:00
headless.nix
installation-device.nix installation-device: set GC initial heap size to 1MB 2018-10-28 10:48:00 +01:00
minimal.nix nixos: doc: fix minimal profile and installer configs 2018-09-24 21:07:59 +00:00
qemu-guest.nix