linux-hardened/x86.nix

{ lib, hostPlatform, ... }: with lib.kernel; {
  SCHED_OMIT_FRAME_POINTER = yes;

  X86_FRED = yes;

  PROCESSOR_SELECT = yes;
  CPU_SUP_HYGON = no;
  CPU_SUP_CENTAUR = no;
  CPU_SUP_ZHAOXIN = no;

  SCHED_CLUSTER = yes;
  SCHED_MC_PRIO = yes;

  X86_MCE = yes;
  X86_MCE_INTEL = yes;

  X86_5LEVEL = option no;

  X86_VSYSCALL_EMULATION = no;
  LEGACY_VSYSCALL_NONE = yes;

  X86_INTEL_TSX_MODE_AUTO = option yes;
  X86_USER_SHADOW_STACK = yes;

  EFI_HANDOVER_PROTOCOL = no;

  STRICT_SIGALTSTACK_SIZE = yes;

  CPU_MITIGATIONS = yes;
  MITIGATION_SLS = yes;

  X86_ACPI_CPUFREQ = yes;
  X86_ACPI_CPUFREQ_CPB = option no;

  HPET = yes;
  HPET_MMAP = yes;
  HPET_MMAP_DEFAULT = yes;

  X86_PLATFORM_DEVICES = yes;

  IO_DELAY_NONE = yes;

  X86_DEBUG_FPU = option no;
  UNWINDER_ORC = yes;
}
Reformat code for compactness 2024-08-12 21:12:18 +02:00			`{ lib, hostPlatform, ... }: with lib.kernel; {`
Modularise kernel configuration 2024-08-02 22:14:55 +02:00			`SCHED_OMIT_FRAME_POINTER = yes;`

			`X86_FRED = yes;`

			`PROCESSOR_SELECT = yes;`
			`CPU_SUP_HYGON = no;`
			`CPU_SUP_CENTAUR = no;`
			`CPU_SUP_ZHAOXIN = no;`

			`SCHED_CLUSTER = yes;`
			`SCHED_MC_PRIO = yes;`

			`X86_MCE = yes;`
			`X86_MCE_INTEL = yes;`

			`X86_5LEVEL = option no;`

			`X86_VSYSCALL_EMULATION = no;`
			`LEGACY_VSYSCALL_NONE = yes;`

x86: Mark TSX optional for AMD compatibility 2024-08-03 23:34:14 +02:00			`X86_INTEL_TSX_MODE_AUTO = option yes;`
Modularise kernel configuration 2024-08-02 22:14:55 +02:00			`X86_USER_SHADOW_STACK = yes;`

			`EFI_HANDOVER_PROTOCOL = no;`

			`STRICT_SIGALTSTACK_SIZE = yes;`

			`CPU_MITIGATIONS = yes;`
			`MITIGATION_SLS = yes;`

			`X86_ACPI_CPUFREQ = yes;`
			`X86_ACPI_CPUFREQ_CPB = option no;`

			`HPET = yes;`
			`HPET_MMAP = yes;`
			`HPET_MMAP_DEFAULT = yes;`

			`X86_PLATFORM_DEVICES = yes;`

			`IO_DELAY_NONE = yes;`

			`X86_DEBUG_FPU = option no;`
			`UNWINDER_ORC = yes;`
			`}`