chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Enable secure boot on kharbranth

Browse source
This commit is contained in:
Charlotte Van Petegem 2023-06-20 10:39:29 +02:00
parent 412305b4b4
commit 3c9a0d97f6
No known key found for this signature in database
GPG key ID: 019E764B7184435A
1 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
machines/kharbranth/hardware.nix
View file

@ -4,10 +4,11 @@
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = { boot = {
loader = { lanzaboote = {
systemd-boot.enable = true; enable = true;
efi.canTouchEfiVariables = true; pkiBundle = "/etc/secureboot";
}; };
loader.efi.canTouchEfiVariables = true;
initrd = { initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
kernelModules = [ "i915" ]; kernelModules = [ "i915" ];
@ -19,6 +20,11 @@
}; };
}; };
chvp.base.zfs.systemLinks = [{ path = "/etc/secureboot"; type = "cache"; }];
# For Secure Boot management
environment.systemPackages = [ pkgs.sbctl ];
fileSystems."/" = { fileSystems."/" = {
device = "rpool/local/root"; device = "rpool/local/root";
fsType = "zfs"; fsType = "zfs";