os/modules/security/mitigations.nix

{ config, lib, options, ... }:
with lib;
let
  inherit (builtins) readFile fetchurl;

  cfg = config.security.mitigations;

  cmdline = readFile (fetchurl {
    url = "https://make-linux-fast-again.com";
    sha256 = "sha256:10diw5xn5jjx79nvyjqcpdpcqihnr3y0756fsgiv1nq7w28ph9w6";
  });
in {
  options = {
    security.mitigations.disable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Whether to disable spectre and meltdown mitigations in the kernel. Do
        not use this in mission critical deployments, or on any machine you do
        not have physical access to.
      '';
    };

    security.mitigations.acceptRisk = mkOption {
      type = types.bool;
      default = false;
      description = ''
        To ensure users know what they are doing, they must explicitly accept
        the risk of turning off mitigations by enabling this.
      '';
    };
  };

  config = mkIf cfg.disable {
    assertions = [{
      assertion = cfg.acceptRisk;
      message = ''
        You have enabled 'security.mitigations.disable' without accepting the
        risk of disabling mitigations.

        You must explicitly accept the risk of running the kernel without
        Spectre or Meltdown mitigations. Set 'security.mitigations.acceptRisk'
        to 'true' only if you know what your doing!
      '';
    }];

    boot.kernelParams = splitString " " cmdline;

  };
}
security#mitigations: init module Resolves #6 by breaking out the disabling of mitigations into it's own module. Now users must explicitly accept the risk of disabling Spectre and Meltdown mitigations with `security.mitigations.acceptRisk` in addition to actually disabling them with `security.mitigations.disable`. 2020-01-08 20:28:49 +00:00			`{ config, lib, options, ... }:`
			`with lib;`
			`let`
			`inherit (builtins) readFile fetchurl;`

			`cfg = config.security.mitigations;`

			`cmdline = readFile (fetchurl {`
			`url = "https://make-linux-fast-again.com";`
			`sha256 = "sha256:10diw5xn5jjx79nvyjqcpdpcqihnr3y0756fsgiv1nq7w28ph9w6";`
			`});`
			`in {`
			`options = {`
			`security.mitigations.disable = mkOption {`
			`type = types.bool;`
			`default = false;`
			`description = ''`
			`Whether to disable spectre and meltdown mitigations in the kernel. Do`
			`not use this in mission critical deployments, or on any machine you do`
			`not have physical access to.`
			`'';`
			`};`

			`security.mitigations.acceptRisk = mkOption {`
			`type = types.bool;`
			`default = false;`
			`description = ''`
			`To ensure users know what they are doing, they must explicitly accept`
			`the risk of turning off mitigations by enabling this.`
			`'';`
			`};`
			`};`

			`config = mkIf cfg.disable {`
			`assertions = [{`
			`assertion = cfg.acceptRisk;`
			`message = ''`
			`You have enabled 'security.mitigations.disable' without accepting the`
			`risk of disabling mitigations.`

			`You must explicitly accept the risk of running the kernel without`
			`Spectre or Meltdown mitigations. Set 'security.mitigations.acceptRisk'`
			`to 'true' only if you know what your doing!`
			`'';`
			`}];`

			`boot.kernelParams = splitString " " cmdline;`

			`};`
			`}`