public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix indentation / tabs

This commit is contained in:
Eelco Dolstra 2013-07-23 18:56:12 +02:00
parent 462e4255fa
commit 8dc09be07b
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
modules/system/boot/luksroot.nix
View File

@ -1,4 +1,4 @@
{pkgs, config, ...}: { config, pkgs, ... }:
with pkgs.lib; with pkgs.lib;
@ -52,23 +52,23 @@ in
boot.initrd.luks.mitigateDMAAttacks = mkOption { boot.initrd.luks.mitigateDMAAttacks = mkOption {
default = true; default = true;
description = '' description = ''
Unless enabled, encryption keys can be easily recovered by an attacker with physical Unless enabled, encryption keys can be easily recovered by an attacker with physical
access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port.
More information: http://en.wikipedia.org/wiki/DMA_attack More information: http://en.wikipedia.org/wiki/DMA_attack
This option blacklists FireWire drivers, but doesn't remove them. You can manually This option blacklists FireWire drivers, but doesn't remove them. You can manually
load the drivers if you need to use a FireWire device, but don't forget to unload them! load the drivers if you need to use a FireWire device, but don't forget to unload them!
''; '';
}; };
boot.initrd.luks.cryptoModules = mkOption { boot.initrd.luks.cryptoModules = mkOption {
default = [ "aes" "aes_generic" "aes_x86_64" "aes_i586" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha256" default =
"sha1" [ "aes" "aes_generic" "aes_x86_64" "aes_i586" "blowfish" "twofish"
"sha2" "serpent" "cbc" "xts" "lrw" "sha256" "sha1" "sha2"
]; ];
description = '' description = ''
A list of cryptographic kernel modules needed to decrypt the root device(s). A list of cryptographic kernel modules needed to decrypt the root device(s).
The default includes all common modules. The default includes all common modules.
''; '';
}; };
@ -151,7 +151,7 @@ in
["firewire_ohci" "firewire_core" "firewire_sbp2"]; ["firewire_ohci" "firewire_core" "firewire_sbp2"];
# Some modules that may be needed for mounting anything ciphered # Some modules that may be needed for mounting anything ciphered
boot.initrd.kernelModules = [ "dm_mod" "dm_crypt" "cryptd" ] ++ luks.cryptoModules; boot.initrd.kernelModules = [ "dm_mod" "dm_crypt" "cryptd" ] ++ luks.cryptoModules;
# copy the cryptsetup binary and it's dependencies # copy the cryptsetup binary and it's dependencies
boot.initrd.extraUtilsCommands = '' boot.initrd.extraUtilsCommands = ''