Blog Archive
2026
Tracking NixOS option values and dependencies
Adding dependency tracking primitives to the Nix evaluator to enable configuration-level diffs in NixOS
2025
Bypassing disk encryption on systems with automatic TPM2 unlock
Discovering a widespread misconfiguration of automatic disk unlocking with TPM2 that allows physical attackers to decrypt your disk
2024
Evaluation time secrets in Nix: Importing encrypted nix files
Protecting private information in nix files by allowing nix to decrypt secrets at evaluation time
