From 1c36a7dcaa2b5f100bb6219e6f1f3b86927575b2 Mon Sep 17 00:00:00 2001
From: Daniel Langbein <daniel@systemli.org>
Date: Thu, 16 Nov 2023 11:08:11 +0100
Subject: [PATCH] mds mitigation

---
 hosts/yodaNas/configuration.nix  | 5 ++++-
 hosts/yodaYoga/configuration.nix | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/hosts/yodaNas/configuration.nix b/hosts/yodaNas/configuration.nix
index 4d2ee53..ee5a065 100644
--- a/hosts/yodaNas/configuration.nix
+++ b/hosts/yodaNas/configuration.nix
@@ -36,6 +36,9 @@
   yoda.btrfsFileSystems = ["/" "/mnt/data" "/mnt/backup"];
   #yoda.btrfsMounts = yoda.btrfsFileSystems;
 
-  boot.kernelParams = [];
+  boot.kernelParams = [
+    # Microarchitectural Data Sampling (MDS), see https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html#mitigation-control-on-the-kernel-command-line
+    "mds=full,nosmt"
+  ];
   boot.kernelPackages = pkgs.linuxPackages;
 }
diff --git a/hosts/yodaYoga/configuration.nix b/hosts/yodaYoga/configuration.nix
index 7717c8e..21dcc42 100644
--- a/hosts/yodaYoga/configuration.nix
+++ b/hosts/yodaYoga/configuration.nix
@@ -35,6 +35,9 @@
   yoda.btrfsFileSystems = ["/"];
   #yoda.btrfsMounts = yoda.btrfsFileSystems;
 
-  boot.kernelParams = [];
+  boot.kernelParams = [
+    # Microarchitectural Data Sampling (MDS), see https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html#mitigation-control-on-the-kernel-command-line
+    "mds=full,nosmt"
+  ];
   boot.kernelPackages = pkgs.linuxPackages;
 }