From 8b5480ff1c10d36ea75f06e4b8151d0085fad8f1 Mon Sep 17 00:00:00 2001 From: masrlinu <5259918+masrlinu@users.noreply.github.com> Date: Fri, 5 Dec 2025 18:50:39 +0100 Subject: [PATCH 1/3] broadcom-wl: enable WiFi/Bluetooth driver as discussed in PR #1580 --- apple/imac/14-2/default.nix | 66 ++++++++++++++++++++++-------- apple/macbook-air/6/default.nix | 47 +++++++++++++++++---- apple/macbook-pro/11-1/default.nix | 35 +++++++++++++++- dell/inspiron/3442/default.nix | 40 ++++++++++++++++-- dell/xps/13-9343/default.nix | 41 ++++++++++++++++--- 5 files changed, 194 insertions(+), 35 deletions(-) diff --git a/apple/imac/14-2/default.nix b/apple/imac/14-2/default.nix index 5dd218c52..7219bb2ab 100644 --- a/apple/imac/14-2/default.nix +++ b/apple/imac/14-2/default.nix @@ -13,25 +13,55 @@ ../../../common/hidpi.nix ]; - boot = { - initrd.kernelModules = [ - "applesmc" - "applespi" - "intel_lpss_pci" - "spi_pxa2xx_platform" - "kvm-intel" - ]; - blacklistedKernelModules = [ - "b43" - "ssb" - "brcmfmac" - "brcmsmac" - "bcma" - ]; - kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "6.0") pkgs.linuxPackages_latest; + options = { + hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable the legacy Broadcom WiFi driver (wl) with known security vulnerabilities. + + This driver is vulnerable to heap buffer overflows: + - CVE-2019-9501 (https://github.com/advisories/GHSA-vjw8-c937-7hwp) + - CVE-2019-9502 (https://github.com/advisories/GHSA-4rfg-8q34-prmp) + + Attackers within WiFi range can exploit this vulnerability by sending crafted + WiFi packets, even without being connected to the same network. Simply having + WiFi enabled makes the system vulnerable to arbitrary code execution or denial-of-service. + Only enable if no alternative WiFi solution is available. + ''; + }; }; - hardware = { - bluetooth.enable = lib.mkDefault true; + config = { + boot = { + initrd.kernelModules = [ + "applesmc" + "applespi" + "intel_lpss_pci" + "spi_pxa2xx_platform" + "kvm-intel" + ]; + blacklistedKernelModules = [ + "b43" + "ssb" + "brcmfmac" + "brcmsmac" + "bcma" + ]; + kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "6.0") pkgs.linuxPackages_latest; + extraModulePackages = + lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities + [ + (config.boot.kernelPackages.broadcom_sta.overrideAttrs (oldAttrs: { + meta = oldAttrs.meta // { + knownVulnerabilities = [ ]; + }; + })) + ]; + }; + + hardware = { + bluetooth.enable = lib.mkDefault true; + }; }; } diff --git a/apple/macbook-air/6/default.nix b/apple/macbook-air/6/default.nix index 67f3a7062..fe70b24dd 100644 --- a/apple/macbook-air/6/default.nix +++ b/apple/macbook-air/6/default.nix @@ -3,14 +3,47 @@ { imports = [ ../. ]; - boot.blacklistedKernelModules = [ "bcma" ]; + options = { + hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable the legacy Broadcom WiFi driver (wl) with known security vulnerabilities. - boot = { - # Divides power consumption by two. - kernelParams = [ "acpi_osi=" ]; + This driver is vulnerable to heap buffer overflows: + - CVE-2019-9501 (https://github.com/advisories/GHSA-vjw8-c937-7hwp) + - CVE-2019-9502 (https://github.com/advisories/GHSA-4rfg-8q34-prmp) + + Attackers within WiFi range can exploit this vulnerability by sending crafted + WiFi packets, even without being connected to the same network. Simply having + WiFi enabled makes the system vulnerable to arbitrary code execution or denial-of-service. + Only enable if no alternative WiFi solution is available. + ''; + }; }; - services.xserver.deviceSection = lib.mkDefault '' - Option "TearFree" "true" - ''; + config = { + boot = { + # Divides power consumption by two. + kernelParams = [ "acpi_osi=" ]; + + blacklistedKernelModules = [ "bcma" ]; + kernelModules = lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities [ + "wl" + ]; + extraModulePackages = + lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities + [ + (config.boot.kernelPackages.broadcom_sta.overrideAttrs (oldAttrs: { + meta = oldAttrs.meta // { + knownVulnerabilities = [ ]; + }; + })) + ]; + }; + + services.xserver.deviceSection = lib.mkDefault '' + Option "TearFree" "true" + ''; + }; } diff --git a/apple/macbook-pro/11-1/default.nix b/apple/macbook-pro/11-1/default.nix index 95f8c2899..376790b39 100644 --- a/apple/macbook-pro/11-1/default.nix +++ b/apple/macbook-pro/11-1/default.nix @@ -6,5 +6,38 @@ ../../../common/cpu/intel/haswell ]; - hardware.enableRedistributableFirmware = lib.mkDefault true; + options = { + hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable the legacy Broadcom WiFi driver (wl) with known security vulnerabilities. + + This driver is vulnerable to heap buffer overflows: + - CVE-2019-9501 (https://github.com/advisories/GHSA-vjw8-c937-7hwp) + - CVE-2019-9502 (https://github.com/advisories/GHSA-4rfg-8q34-prmp) + + Attackers within WiFi range can exploit this vulnerability by sending crafted + WiFi packets, even without being connected to the same network. Simply having + WiFi enabled makes the system vulnerable to arbitrary code execution or denial-of-service. + Only enable if no alternative WiFi solution is available. + ''; + }; + }; + + config = { + hardware.enableRedistributableFirmware = lib.mkDefault true; # broadcom-wl + boot.kernelModules = + lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities + [ "wl" ]; + boot.extraModulePackages = + lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities + [ + (config.boot.kernelPackages.broadcom_sta.overrideAttrs (oldAttrs: { + meta = oldAttrs.meta // { + knownVulnerabilities = [ ]; + }; + })) + ]; + }; } diff --git a/dell/inspiron/3442/default.nix b/dell/inspiron/3442/default.nix index adbb0c164..7adaa6332 100644 --- a/dell/inspiron/3442/default.nix +++ b/dell/inspiron/3442/default.nix @@ -6,8 +6,42 @@ ../../../common/pc/laptop ]; - services = { - fwupd.enable = lib.mkDefault true; - thermald.enable = lib.mkDefault true; + options = { + hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable the legacy Broadcom WiFi driver (wl) with known security vulnerabilities. + + This driver is vulnerable to heap buffer overflows: + - CVE-2019-9501 (https://github.com/advisories/GHSA-vjw8-c937-7hwp) + - CVE-2019-9502 (https://github.com/advisories/GHSA-4rfg-8q34-prmp) + + Attackers within WiFi range can exploit this vulnerability by sending crafted + WiFi packets, even without being connected to the same network. Simply having + WiFi enabled makes the system vulnerable to arbitrary code execution or denial-of-service. + Only enable if no alternative WiFi solution is available. + ''; + }; + }; + + config = { + boot.kernelModules = + lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities + [ "wl" ]; + boot.extraModulePackages = + lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities + [ + (config.boot.kernelPackages.broadcom_sta.overrideAttrs (oldAttrs: { + meta = oldAttrs.meta // { + knownVulnerabilities = [ ]; + }; + })) + ]; + + services = { + fwupd.enable = lib.mkDefault true; + thermald.enable = lib.mkDefault true; + }; }; } diff --git a/dell/xps/13-9343/default.nix b/dell/xps/13-9343/default.nix index 28d6e22ff..75f2c1ade 100644 --- a/dell/xps/13-9343/default.nix +++ b/dell/xps/13-9343/default.nix @@ -7,14 +7,43 @@ ../../../common/pc/ssd ]; - services = { - fwupd.enable = lib.mkDefault true; - thermald.enable = lib.mkDefault true; + options = { + hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable the legacy Broadcom WiFi driver (wl) with known security vulnerabilities. + + This driver is vulnerable to heap buffer overflows: + - CVE-2019-9501 (https://github.com/advisories/GHSA-vjw8-c937-7hwp) + - CVE-2019-9502 (https://github.com/advisories/GHSA-4rfg-8q34-prmp) + + Attackers within WiFi range can exploit this vulnerability by sending crafted + WiFi packets, even without being connected to the same network. Simply having + WiFi enabled makes the system vulnerable to arbitrary code execution or denial-of-service. + Only enable if no alternative WiFi solution is available. + ''; + }; }; - boot = { - kernelModules = [ + config = { + boot.kernelModules = [ "kvm-intel" - ]; + ] + ++ lib.optionals config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities [ "wl" ]; + boot.extraModulePackages = + lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities + [ + (config.boot.kernelPackages.broadcom_sta.overrideAttrs (oldAttrs: { + meta = oldAttrs.meta // { + knownVulnerabilities = [ ]; + }; + })) + ]; + + services = { + fwupd.enable = lib.mkDefault true; + thermald.enable = lib.mkDefault true; + }; }; } From 468db525364cf66bcbe8b10c13b301d6e2a9bd41 Mon Sep 17 00:00:00 2001 From: masrlinu <5259918+masrlinu@users.noreply.github.com> Date: Sat, 13 Dec 2025 02:11:50 +0100 Subject: [PATCH 2/3] broadcom-wl: introduce common/broadcom-wifi.nix and import in Apple/Dell profiles --- apple/imac/14-2/default.nix | 29 +---------------------- apple/macbook-air/6/default.nix | 36 ++++------------------------ apple/macbook-pro/11-1/default.nix | 32 +------------------------ common/broadcom-wifi.nix | 38 ++++++++++++++++++++++++++++++ dell/inspiron/3442/default.nix | 33 +------------------------- dell/xps/13-9343/default.nix | 32 ++----------------------- 6 files changed, 47 insertions(+), 153 deletions(-) create mode 100644 common/broadcom-wifi.nix diff --git a/apple/imac/14-2/default.nix b/apple/imac/14-2/default.nix index 7219bb2ab..b32bc8a44 100644 --- a/apple/imac/14-2/default.nix +++ b/apple/imac/14-2/default.nix @@ -11,27 +11,9 @@ ../../../common/gpu/nvidia ../../../common/gpu/nvidia/kepler ../../../common/hidpi.nix + ../../../common/broadcom-wifi.nix ]; - options = { - hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Enable the legacy Broadcom WiFi driver (wl) with known security vulnerabilities. - - This driver is vulnerable to heap buffer overflows: - - CVE-2019-9501 (https://github.com/advisories/GHSA-vjw8-c937-7hwp) - - CVE-2019-9502 (https://github.com/advisories/GHSA-4rfg-8q34-prmp) - - Attackers within WiFi range can exploit this vulnerability by sending crafted - WiFi packets, even without being connected to the same network. Simply having - WiFi enabled makes the system vulnerable to arbitrary code execution or denial-of-service. - Only enable if no alternative WiFi solution is available. - ''; - }; - }; - config = { boot = { initrd.kernelModules = [ @@ -49,15 +31,6 @@ "bcma" ]; kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "6.0") pkgs.linuxPackages_latest; - extraModulePackages = - lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities - [ - (config.boot.kernelPackages.broadcom_sta.overrideAttrs (oldAttrs: { - meta = oldAttrs.meta // { - knownVulnerabilities = [ ]; - }; - })) - ]; }; hardware = { diff --git a/apple/macbook-air/6/default.nix b/apple/macbook-air/6/default.nix index fe70b24dd..b0c228351 100644 --- a/apple/macbook-air/6/default.nix +++ b/apple/macbook-air/6/default.nix @@ -1,26 +1,10 @@ { config, lib, ... }: { - imports = [ ../. ]; - - options = { - hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Enable the legacy Broadcom WiFi driver (wl) with known security vulnerabilities. - - This driver is vulnerable to heap buffer overflows: - - CVE-2019-9501 (https://github.com/advisories/GHSA-vjw8-c937-7hwp) - - CVE-2019-9502 (https://github.com/advisories/GHSA-4rfg-8q34-prmp) - - Attackers within WiFi range can exploit this vulnerability by sending crafted - WiFi packets, even without being connected to the same network. Simply having - WiFi enabled makes the system vulnerable to arbitrary code execution or denial-of-service. - Only enable if no alternative WiFi solution is available. - ''; - }; - }; + imports = [ + ../. + ../../../common/broadcom-wifi.nix + ]; config = { boot = { @@ -28,18 +12,6 @@ kernelParams = [ "acpi_osi=" ]; blacklistedKernelModules = [ "bcma" ]; - kernelModules = lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities [ - "wl" - ]; - extraModulePackages = - lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities - [ - (config.boot.kernelPackages.broadcom_sta.overrideAttrs (oldAttrs: { - meta = oldAttrs.meta // { - knownVulnerabilities = [ ]; - }; - })) - ]; }; services.xserver.deviceSection = lib.mkDefault '' diff --git a/apple/macbook-pro/11-1/default.nix b/apple/macbook-pro/11-1/default.nix index 376790b39..ccc147304 100644 --- a/apple/macbook-pro/11-1/default.nix +++ b/apple/macbook-pro/11-1/default.nix @@ -4,40 +4,10 @@ ../. ../../../common/pc/ssd ../../../common/cpu/intel/haswell + ../../../common/broadcom-wifi.nix ]; - options = { - hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Enable the legacy Broadcom WiFi driver (wl) with known security vulnerabilities. - - This driver is vulnerable to heap buffer overflows: - - CVE-2019-9501 (https://github.com/advisories/GHSA-vjw8-c937-7hwp) - - CVE-2019-9502 (https://github.com/advisories/GHSA-4rfg-8q34-prmp) - - Attackers within WiFi range can exploit this vulnerability by sending crafted - WiFi packets, even without being connected to the same network. Simply having - WiFi enabled makes the system vulnerable to arbitrary code execution or denial-of-service. - Only enable if no alternative WiFi solution is available. - ''; - }; - }; - config = { hardware.enableRedistributableFirmware = lib.mkDefault true; # broadcom-wl - boot.kernelModules = - lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities - [ "wl" ]; - boot.extraModulePackages = - lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities - [ - (config.boot.kernelPackages.broadcom_sta.overrideAttrs (oldAttrs: { - meta = oldAttrs.meta // { - knownVulnerabilities = [ ]; - }; - })) - ]; }; } diff --git a/common/broadcom-wifi.nix b/common/broadcom-wifi.nix new file mode 100644 index 000000000..91e67052c --- /dev/null +++ b/common/broadcom-wifi.nix @@ -0,0 +1,38 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + options = { + hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable the legacy Broadcom WiFi driver (wl) with known security vulnerabilities. + + This driver is vulnerable to heap buffer overflows: + - CVE-2019-9501 (https://github.com/advisories/GHSA-vjw8-c937-7hwp) + - CVE-2019-9502 (https://github.com/advisories/GHSA-4rfg-8q34-prmp) + + Attackers within WiFi range can exploit this vulnerability by sending crafted + WiFi packets, even without being connected to the same network. Simply having + WiFi enabled makes the system vulnerable to arbitrary code execution or denial-of-service. + Only enable if no alternative WiFi solution is available. + ''; + }; + }; + + config = lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities { + boot.kernelModules = [ "wl" ]; + boot.extraModulePackages = [ + (config.boot.kernelPackages.broadcom_sta.overrideAttrs (oldAttrs: { + meta = oldAttrs.meta // { + knownVulnerabilities = [ ]; + }; + })) + ]; + }; +} diff --git a/dell/inspiron/3442/default.nix b/dell/inspiron/3442/default.nix index 7adaa6332..a52aa844f 100644 --- a/dell/inspiron/3442/default.nix +++ b/dell/inspiron/3442/default.nix @@ -4,41 +4,10 @@ imports = [ ../../../common/cpu/intel/haswell ../../../common/pc/laptop + ../../../common/broadcom-wifi.nix ]; - options = { - hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Enable the legacy Broadcom WiFi driver (wl) with known security vulnerabilities. - - This driver is vulnerable to heap buffer overflows: - - CVE-2019-9501 (https://github.com/advisories/GHSA-vjw8-c937-7hwp) - - CVE-2019-9502 (https://github.com/advisories/GHSA-4rfg-8q34-prmp) - - Attackers within WiFi range can exploit this vulnerability by sending crafted - WiFi packets, even without being connected to the same network. Simply having - WiFi enabled makes the system vulnerable to arbitrary code execution or denial-of-service. - Only enable if no alternative WiFi solution is available. - ''; - }; - }; - config = { - boot.kernelModules = - lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities - [ "wl" ]; - boot.extraModulePackages = - lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities - [ - (config.boot.kernelPackages.broadcom_sta.overrideAttrs (oldAttrs: { - meta = oldAttrs.meta // { - knownVulnerabilities = [ ]; - }; - })) - ]; - services = { fwupd.enable = lib.mkDefault true; thermald.enable = lib.mkDefault true; diff --git a/dell/xps/13-9343/default.nix b/dell/xps/13-9343/default.nix index 75f2c1ade..d96d30261 100644 --- a/dell/xps/13-9343/default.nix +++ b/dell/xps/13-9343/default.nix @@ -5,41 +5,13 @@ ../../../common/cpu/intel ../../../common/pc/laptop ../../../common/pc/ssd + ../../../common/broadcom-wifi.nix ]; - options = { - hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Enable the legacy Broadcom WiFi driver (wl) with known security vulnerabilities. - - This driver is vulnerable to heap buffer overflows: - - CVE-2019-9501 (https://github.com/advisories/GHSA-vjw8-c937-7hwp) - - CVE-2019-9502 (https://github.com/advisories/GHSA-4rfg-8q34-prmp) - - Attackers within WiFi range can exploit this vulnerability by sending crafted - WiFi packets, even without being connected to the same network. Simply having - WiFi enabled makes the system vulnerable to arbitrary code execution or denial-of-service. - Only enable if no alternative WiFi solution is available. - ''; - }; - }; - config = { boot.kernelModules = [ "kvm-intel" - ] - ++ lib.optionals config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities [ "wl" ]; - boot.extraModulePackages = - lib.mkIf config.hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities - [ - (config.boot.kernelPackages.broadcom_sta.overrideAttrs (oldAttrs: { - meta = oldAttrs.meta // { - knownVulnerabilities = [ ]; - }; - })) - ]; + ]; services = { fwupd.enable = lib.mkDefault true; From 5a323a3710ed0cfe89eb566670f5737ab04c91c4 Mon Sep 17 00:00:00 2001 From: masrlinu <5259918+masrlinu@users.noreply.github.com> Date: Mon, 15 Dec 2025 17:43:40 +0100 Subject: [PATCH 3/3] broadcom-wl: updated documentation --- apple/imac/14-2/README.md | 6 ++++++ apple/imac/14-2/default.nix | 10 +++++++++- apple/macbook-air/6/README.md | 9 +++++++++ apple/macbook-air/6/default.nix | 10 +++++++++- apple/macbook-pro/11-1/README.md | 7 +++++++ apple/macbook-pro/11-1/default.nix | 10 +++++++++- dell/inspiron/3442/README.md | 8 ++++++++ dell/inspiron/3442/default.nix | 10 +++++++++- dell/xps/13-9343/README.md | 9 +++++++++ dell/xps/13-9343/default.nix | 10 +++++++++- 10 files changed, 84 insertions(+), 5 deletions(-) create mode 100644 apple/macbook-air/6/README.md create mode 100644 dell/xps/13-9343/README.md diff --git a/apple/imac/14-2/README.md b/apple/imac/14-2/README.md index 3512750d8..bb58695b5 100644 --- a/apple/imac/14-2/README.md +++ b/apple/imac/14-2/README.md @@ -20,6 +20,12 @@ ## Wifi - [x] ok +> **Note:** Enabling WiFi and Bluetooth functionality on this hardware requires the proprietary Broadcom driver. Due to outstanding security issues, you need to explicitly opt-in by setting: +> +> ```nix +> hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = true; +> ``` + ## Graphics - [x] Latest unsupported Nvidia drivers available are 390.157, working with Kernel 6.10.6. diff --git a/apple/imac/14-2/default.nix b/apple/imac/14-2/default.nix index b32bc8a44..bc61050d1 100644 --- a/apple/imac/14-2/default.nix +++ b/apple/imac/14-2/default.nix @@ -13,7 +13,15 @@ ../../../common/hidpi.nix ../../../common/broadcom-wifi.nix ]; - + # ############################################################################## + # ATTENTION / IMPORTANT NOTE: + # + # Note: Enabling WiFi and Bluetooth functionality on this hardware requires + # the proprietary Broadcom driver. Due to outstanding security issues, you + # need to explicitly opt-in by setting: + # + # hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = true; + # ############################################################################## config = { boot = { initrd.kernelModules = [ diff --git a/apple/macbook-air/6/README.md b/apple/macbook-air/6/README.md new file mode 100644 index 000000000..9ec6986a4 --- /dev/null +++ b/apple/macbook-air/6/README.md @@ -0,0 +1,9 @@ +# Apple MacBook Air 6,x + +## Wireless / Bluetooth + +> **Note:** Enabling WiFi and Bluetooth functionality on this hardware requires the proprietary Broadcom driver. Due to outstanding security issues, you need to explicitly opt-in by setting: +> +> ```nix +> hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = true; +> ``` diff --git a/apple/macbook-air/6/default.nix b/apple/macbook-air/6/default.nix index b0c228351..9eb969354 100644 --- a/apple/macbook-air/6/default.nix +++ b/apple/macbook-air/6/default.nix @@ -5,7 +5,15 @@ ../. ../../../common/broadcom-wifi.nix ]; - + # ############################################################################## + # ATTENTION / IMPORTANT NOTE: + # + # Note: Enabling WiFi and Bluetooth functionality on this hardware requires + # the proprietary Broadcom driver. Due to outstanding security issues, you + # need to explicitly opt-in by setting: + # + # hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = true; + # ############################################################################## config = { boot = { # Divides power consumption by two. diff --git a/apple/macbook-pro/11-1/README.md b/apple/macbook-pro/11-1/README.md index 41acdb6bb..9218f5338 100644 --- a/apple/macbook-pro/11-1/README.md +++ b/apple/macbook-pro/11-1/README.md @@ -4,6 +4,13 @@ This configuration is tested on my 13" *MacBook Pro (Retina, 13-inch, Late 2013) The 6.11.5 kernel appears to work well with only minor adjustments on this notebook. Note that my machine has a BCM4360 wireless card (PCI-ID `14e4:43a0`) which appears to only work with the nonfree `wl` driver. +> **Note:** Enabling WiFi and Bluetooth functionality on this hardware requires the proprietary Broadcom driver. Due to outstanding security issues, you need to explicitly opt-in by setting: +> +> ```nix +> hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = true; +> ``` + + ## Additional resources * Linux Wireless Documentation: [List of hardware](https://wireless.docs.kernel.org/en/latest/en/users/drivers/b43.html#list-of-hardware) diff --git a/apple/macbook-pro/11-1/default.nix b/apple/macbook-pro/11-1/default.nix index ccc147304..d821da90b 100644 --- a/apple/macbook-pro/11-1/default.nix +++ b/apple/macbook-pro/11-1/default.nix @@ -6,7 +6,15 @@ ../../../common/cpu/intel/haswell ../../../common/broadcom-wifi.nix ]; - + # ############################################################################## + # ATTENTION / IMPORTANT NOTE: + # + # Note: Enabling WiFi and Bluetooth functionality on this hardware requires + # the proprietary Broadcom driver. Due to outstanding security issues, you + # need to explicitly opt-in by setting: + # + # hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = true; + # ############################################################################## config = { hardware.enableRedistributableFirmware = lib.mkDefault true; # broadcom-wl }; diff --git a/dell/inspiron/3442/README.md b/dell/inspiron/3442/README.md index b7e6e0f59..4ce951c73 100644 --- a/dell/inspiron/3442/README.md +++ b/dell/inspiron/3442/README.md @@ -25,6 +25,14 @@ $ lspci -nn ### Extra Configuration +#### Broadcom WiFi/Bluetooth + +> **Note:** Enabling WiFi and Bluetooth functionality on this hardware requires the proprietary Broadcom driver. Due to outstanding security issues, you need to explicitly opt-in by setting: +> +> ```nix +> hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = true; +> ``` + #### Bluetooth To enable bluetooth support, set `hardware.bluetooth.enable = true;`. diff --git a/dell/inspiron/3442/default.nix b/dell/inspiron/3442/default.nix index a52aa844f..bed2d7966 100644 --- a/dell/inspiron/3442/default.nix +++ b/dell/inspiron/3442/default.nix @@ -6,7 +6,15 @@ ../../../common/pc/laptop ../../../common/broadcom-wifi.nix ]; - + # ############################################################################## + # ATTENTION / IMPORTANT NOTE: + # + # Note: Enabling WiFi and Bluetooth functionality on this hardware requires + # the proprietary Broadcom driver. Due to outstanding security issues, you + # need to explicitly opt-in by setting: + # + # hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = true; + # ############################################################################## config = { services = { fwupd.enable = lib.mkDefault true; diff --git a/dell/xps/13-9343/README.md b/dell/xps/13-9343/README.md new file mode 100644 index 000000000..bb63a3463 --- /dev/null +++ b/dell/xps/13-9343/README.md @@ -0,0 +1,9 @@ +# Dell XPS 13 (9343) + +## Wireless / Bluetooth + +> **Note:** Enabling WiFi and Bluetooth functionality on this hardware requires the proprietary Broadcom driver. Due to outstanding security issues, you need to explicitly opt-in by setting: +> +> ```nix +> hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = true; +> ``` diff --git a/dell/xps/13-9343/default.nix b/dell/xps/13-9343/default.nix index d96d30261..d7a9cc3d2 100644 --- a/dell/xps/13-9343/default.nix +++ b/dell/xps/13-9343/default.nix @@ -7,7 +7,15 @@ ../../../common/pc/ssd ../../../common/broadcom-wifi.nix ]; - + # ############################################################################## + # ATTENTION / IMPORTANT NOTE: + # + # Note: Enabling WiFi and Bluetooth functionality on this hardware requires + # the proprietary Broadcom driver. Due to outstanding security issues, you + # need to explicitly opt-in by setting: + # + # hardware.broadcom.wifi.enableLegacyDriverWithKnownVulnerabilities = true; + # ############################################################################## config = { boot.kernelModules = [ "kvm-intel"