mirror of
https://github.com/ItsDrike/nixdots
synced 2024-09-20 05:19:41 +00:00
24 lines
636 B
Nix
24 lines
636 B
Nix
|
{ lib, ... }: with lib; let
|
||
|
inherit (lib) mkEnableOption;
|
||
|
in
|
||
|
{
|
||
|
options.myOptions.system.secure-boot = {
|
||
|
enabled = mkEnableOption ''
|
||
|
secure-boot using lanzaboote.
|
||
|
|
||
|
Note that you will need to have UEFI firmware, and the rebuild
|
||
|
will report errors until you generate the secure boot keys with:
|
||
|
```shell
|
||
|
sudo sbctl create-keys
|
||
|
````
|
||
|
|
||
|
Optionally (though enabling this is pointless otherwise), you should
|
||
|
now enter secure-boot setup mode and enroll the keys:
|
||
|
```shell
|
||
|
sudo sbctl enroll-keys -m
|
||
|
```
|
||
|
Then reboot, and secure-boot should be enabled.
|
||
|
'';
|
||
|
};
|
||
|
}
|