Diffstat (limited to 'system/boot')
-rw-r--r--system/boot/default.nix21
1 files changed, 19 insertions, 2 deletions
diff --git a/system/boot/default.nix b/system/boot/default.nix
index 410bf143..9606c7b3 100644
--- a/system/boot/default.nix
+++ b/system/boot/default.nix
@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+ pkgs,
+ lib,
+ ...
+}: {
boot = {
initrd = {
#compressor = "lz4";
@@ -7,14 +11,27 @@
};
kernelPackages = pkgs.linuxPackages_latest;
+
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/etc/secureboot";
+ };
+
loader = {
+ # Lanzaboote currently replaces the systemd-boot module.
+ # This setting is usually set to true in configuration.nix
+ # generated at installation time. So we force it to false
+ # for now.
+ systemd-boot.enable = lib.mkForce false;
+
grub = {
- enable = true;
+ enable = false;
# theme = pkgs.nixos-grub2-theme;
splashImage = ./boot_pictures/gnu.png;
efiSupport = true;
device = "nodev"; # only for efi
};
+
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";