From 2e112cb1ae236dff51e16eb459598e1b37358c32 Mon Sep 17 00:00:00 2001
From: Julian Stecklina
Date: Wed, 19 Jun 2024 00:12:03 +0200
Subject: [PATCH 1/2] virtualboxKvm: 20240515 -> 20240617

(cherry picked from commit 84df77263db2e7c1193d5b4257a0c97694ad527c)
---
 pkgs/applications/virtualization/virtualbox/default.nix | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/pkgs/applications/virtualization/virtualbox/default.nix b/pkgs/applications/virtualization/virtualbox/default.nix
index 1edbddc8ea72..deae3b41449e 100644
--- a/pkgs/applications/virtualization/virtualbox/default.nix
+++ b/pkgs/applications/virtualization/virtualbox/default.nix
@@ -22,9 +22,6 @@
 , extraConfigureFlags ? ""
 }:
 
-# See https://github.com/cyberus-technology/virtualbox-kvm/issues/12
-assert enableKvm -> !enableHardening;
-
 # The web services use Java infrastructure.
 assert enableWebService -> javaBindings;
 
@@ -35,8 +32,8 @@ let
 virtualboxVersion = "7.0.18";
 virtualboxSha256 = "d999513533631674a024762668de999411d8197060c51e68c5faf0a2c0eea1a5";
 
- kvmPatchVersion = "20240515";
- kvmPatchHash = "sha256-Kh/tlPScdf7CbEEpL54iqMpeUIdmnJL2r/mxnlEzLd0=";
+ kvmPatchVersion = "20240617";
+ kvmPatchHash = "sha256-bOcM9xA1SXB1uTwljpw2vevVeSdHa3omCRon/8DoAUk=";
 
 # The KVM build is not compatible to VirtualBox's kernel modules. So don't export
 # modsrc at all.
From f6a8567aac907cff29833be6058149cdb86e31f0 Mon Sep 17 00:00:00 2001
From: Julian Stecklina
Date: Wed, 19 Jun 2024 00:12:16 +0200
Subject: [PATCH 2/2] nixos/virtualbox-host: remove obsolete warnings

Version 20240617 of the KVM patch allows for turning hardening on in VirtualBox.

(cherry picked from commit 9cec4b55f69077d9e6d3d938fec055be54745020)
---
 nixos/modules/virtualisation/virtualbox-host.nix | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/nixos/modules/virtualisation/virtualbox-host.nix b/nixos/modules/virtualisation/virtualbox-host.nix
index a34fe132ba7e..4808652a542a 100644
--- a/nixos/modules/virtualisation/virtualbox-host.nix +++ b/nixos/modules/virtualisation/virtualbox-host.nix @@ -89,7 +89,7 @@ in Enable KVM support for VirtualBox. This increases compatibility with Linux kernel versions, because the VirtualBox kernel modules are not required. - This option is incompatible with `enableHardening` and `addNetworkInterface`. + This option is incompatible with `addNetworkInterface`. Note: This is experimental. Please check https://github.com/cyberus-technology/virtualbox-kvm/issues. ''; @@ -136,18 +136,6 @@ in assertion = !cfg.addNetworkInterface; message = "VirtualBox KVM only supports standard NAT networking for VMs. Please turn off virtualisation.virtualbox.host.addNetworkInterface."; } - - { - assertion = !cfg.enableHardening; - message = "VirtualBox KVM is not compatible with hardening: Please turn off virtualisation.virtualbox.host.enableHardening."; - } - ]; - - warnings = [ - '' - KVM support in VirtualBox is experimental. Not all security features are available yet. - See: https://github.com/cyberus-technology/virtualbox-kvm/issues/12 - '' ]; }) (mkIf (!cfg.enableKvm) { boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ];
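Review bot: The `enableKvm` description in the `@@ -89,7 +89,7 @@` hunk only drops `enableHardening` from the incompatibility sentence and never states that hardening can now be combined with KVM, while the `@@ -136,18 +136,6 @@` hunk deletes both the `!cfg.enableHardening` assertion and the whole `warnings` list. Configurations that previously had to set `virtualisation.virtualbox.host.enableHardening = false` to use KVM will presumably keep evaluating with hardening off and get no hint that the restriction is gone. I would add a sentence to the description, for example `Since KVM patch version 20240617 this option can be combined with enableHardening.`, or keep a single warning conditioned on `cfg.enableKvm && !cfg.enableHardening` that recommends turning hardening back on. The option definition and the list holding the assertion entries both start outside the hunks shown.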