From 31323f340fa5ce512e44531577f48616ef9da421 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Sat, 3 Aug 2024 16:15:21 +0200
Subject: [PATCH] refactor: streamline kernel boot parameters Remove insecure and redundant kernel boot options. This enhancement improves system security by defaulting to standard mitigations and settings.
---
 systems/x86_64-linux/t15/default.nix | 1 -
 .../x86_64-linux/t15/hardware-configuration.nix | 14 --------------
 2 files changed, 15 deletions(-)
diff --git a/systems/x86_64-linux/t15/default.nix b/systems/x86_64-linux/t15/default.nix
index b65b29e..2997f14 100644
--- a/systems/x86_64-linux/t15/default.nix
+++ b/systems/x86_64-linux/t15/default.nix
@@ -38,5 +38,4 @@
 bits = 4096;
 }
 ];
-
 }
diff --git a/systems/x86_64-linux/t15/hardware-configuration.nix b/systems/x86_64-linux/t15/hardware-configuration.nix
index 7553f20..2732dbc 100644
--- a/systems/x86_64-linux/t15/hardware-configuration.nix
+++ b/systems/x86_64-linux/t15/hardware-configuration.nix
@@ -34,20 +34,6 @@
 "quiet"
 "splash"
 "video=efifb:nobgrt"
-
- # unsafe, but no secrets on that machine
- "noibrs"
- "noibpb"
- "nopti"
- "nospectre_v2"
- "nospectre_v1"
- "l1tf=off"
- "nospec_store_bypass_disable"
- "no_stf_barrier"
- "mds=off"
- "tsx=on"
- "tsx_async_abort=off"
- "mitigations=off"
 ];
 boot.extraModulePackages = [ ];