nixos/hardened profile: always enable pti
This commit is contained in:
parent
3f1f443125
commit
167578163a
@ -40,6 +40,9 @@ with lib;
|
||||
|
||||
# Disable legacy virtual syscalls
|
||||
"vsyscall=none"
|
||||
|
||||
# Enable PTI even if CPU claims to be safe from meltdown
|
||||
"pti=on"
|
||||
];
|
||||
|
||||
boot.blacklistedKernelModules = [
|
||||
|
Loading…
Reference in New Issue
Block a user