From 1dd3ba924bb7f2ab254b14dcf794651d486db2ae Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sun, 30 Apr 2017 11:57:12 +0200 Subject: [PATCH] nixos/hardened profile: disable hibernation Recommended by KSPP --- nixos/modules/profiles/hardened.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index 13084b7f082..c7f80fe47aa 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -20,6 +20,9 @@ with lib; # Disable legacy virtual syscalls "vsyscall=none" + + # Disable hibernation (allows replacing the running kernel) + "nohibernate" ]; # Restrict ptrace() usage to processes with a pre-defined relationship
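Review bot: The comment on the added `"nohibernate"` entry is ambiguous: "(allows replacing the running kernel)" can be read as what disabling hibernation permits, when it is the reason hibernation is being turned off. Suggest wording it along the lines of `# Disable hibernation (resuming from a hibernation image allows replacing the running kernel)` so the risk is attributed to hibernation itself. The commit message cites KSPP without a reference; a link to the recommendation, in the comment or the message, would let readers check the rationale. Since the parameter removes suspend-to-disk on every system that imports this profile, a line in the profile's documentation or the release notes would help users who rely on it.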