mirror of
				https://github.com/ItsDrike/nixdots
				synced 2025-10-26 07:16:35 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			23 lines
		
	
	
	
		
			636 B
		
	
	
	
		
			Nix
		
	
	
	
	
	
			
		
		
	
	
			23 lines
		
	
	
	
		
			636 B
		
	
	
	
		
			Nix
		
	
	
	
	
	
| {lib, ...}:
 | |
| with lib; let
 | |
|   inherit (lib) mkEnableOption;
 | |
| in {
 | |
|   options.myOptions.system.boot.secure-boot = {
 | |
|     enable = mkEnableOption ''
 | |
|       secure-boot using lanzaboote.
 | |
| 
 | |
|       Note that you will need to have UEFI firmware, and the rebuild
 | |
|       will report errors until you generate the secure boot keys with:
 | |
|       ```shell
 | |
|       sudo sbctl create-keys
 | |
|       ````
 | |
| 
 | |
|       Optionally (though enabling this is pointless otherwise), you should
 | |
|       now enter secure-boot setup mode and enroll the keys:
 | |
|       ```shell
 | |
|       sudo sbctl enroll-keys -m
 | |
|       ```
 | |
|       Then reboot, and secure-boot should be enabled.
 | |
|     '';
 | |
|   };
 | |
| }
 |