chipsec: init at 1.3.7 #52988
@GrahamcOfBorg build chipsec linuxPackages.chipsec
Oops, ofBorg failed to build it because it doesn't work on ARM.
LGTM. Added a few nits for your consideration.
Another thing that occurred to me is, if I add both variants to my system will I end up with two copies of the userland tools in the system closure? It seems to me like I will, as different flags would produce different store paths. Perhaps the
Hmm, but it loads the driver on demand. We'd have to make sure it can find it if it's in a different derivation. I don't think the package is designed to be able to look for the driver elsewhere, I can look into it.
By loading on demand, I expect you mean calls modprobe? If so it should work as long as the package is added to I think I was wrong to raise the concern about duplicated stuff in the system closure, I have not looked but
Yes exactly, calling modprobe. But can you just default to building the driver on Linux? I don't think you can, because you also need to get the exact kernel passed that is used on the system. Hence Is there precedent? Is there another package that's not just a kernel module but a program that brings its own kernel module that we package but don't have a NixOS module for? P.S. Looks like Otherwise I think it's fine like this. We'll have to hope that people are looking for the
See: chipsec/chipsec#461 Noticed that when ofBorg failed to build the kernel driver on ARM.
Thanks for discussing the details!
Motivation for this change
The Nix(OS) community should check their firmware and its settings for vulnerabilities!
It's included twice: the top-level attribute doesn't include the kernel driver and can be executed on any OS with Python, and the one in linuxPackages includes the Linux kernel driver and is therefore able to do more advanced checks.