From 96e66ebad4a49a2e5274d222442aff9fec1e4bba Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Thu, 18 Jul 2024 10:06:41 +0200
Subject: [PATCH] feat: Add several boot options in hardware config

Multiple boot options have been added in the hardware-configuration for the x86_64-linux system. This includes unsafe secrets mitigation options, such as 'noibrs', 'noibpb', 'nopti', etc., to potentially enhance system performance.
---
 .../x86_64-linux/t15/hardware-configuration.nix  | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/systems/x86_64-linux/t15/hardware-configuration.nix b/systems/x86_64-linux/t15/hardware-configuration.nix
index 9e1a63a..01c2a9e 100644
--- a/systems/x86_64-linux/t15/hardware-configuration.nix
+++ b/systems/x86_64-linux/t15/hardware-configuration.nix
@@ -34,7 +34,21 @@
     "quiet"
     "splash"
     "video=efifb:nobgrt"
-  ];
+
+    # unsafe, but no secrets on that machine
+    "noibrs"
+    "noibpb"
+    "nopti"
+    "nospectre_v2"
+    "nospectre_v1"
+    "l1tf=off"
+    "nospec_store_bypass_disable"
+    "no_stf_barrier"
+    "mds=off"
+    "tsx=on"
+    "tsx_async_abort=off"
+    "mitigations=off"
+    ];
 
   boot.extraModulePackages = [ ];