nixdots/options/system/boot/secure-boot.nix

{lib, ...}:
with lib; let
  inherit (lib) mkEnableOption;
in {
  options.myOptions.system.boot.secure-boot = {
    enable = mkEnableOption ''
      secure-boot using lanzaboote.

      Note that you will need to have UEFI firmware, and the rebuild
      will report errors until you generate the secure boot keys with:
      ```shell
      sudo sbctl create-keys
      ````

      Optionally (though enabling this is pointless otherwise), you should
      now enter secure-boot setup mode and enroll the keys:
      ```shell
      sudo sbctl enroll-keys -m
      ```
      Then reboot, and secure-boot should be enabled.
    '';
  };
}
Run alejandra 2024-07-26 23:07:07 +00:00			`{lib, ...}:`
			`with lib; let`
Add secure-boot 2024-04-12 16:25:26 +00:00			`inherit (lib) mkEnableOption;`
Run alejandra 2024-07-26 23:07:07 +00:00			`in {`
Update boot options 2024-04-12 18:57:52 +00:00			`options.myOptions.system.boot.secure-boot = {`
Run alejandra 2024-07-26 23:07:07 +00:00			`enable = mkEnableOption ''`
Add secure-boot 2024-04-12 16:25:26 +00:00			`secure-boot using lanzaboote.`

			`Note that you will need to have UEFI firmware, and the rebuild`
			`will report errors until you generate the secure boot keys with:`
			```shell
			`sudo sbctl create-keys`
			````

			`Optionally (though enabling this is pointless otherwise), you should`
			`now enter secure-boot setup mode and enroll the keys:`
			```shell
			`sudo sbctl enroll-keys -m`
			```
			`Then reboot, and secure-boot should be enabled.`
Run alejandra 2024-07-26 23:07:07 +00:00			`'';`
Add secure-boot 2024-04-12 16:25:26 +00:00			`};`
			`}`