{
  config,
  lib,
  ...
}: let
  btl = config.sils.bootloader;
in {
  options.sils.bootloader = lib.mkOption {
    type = lib.types.enum ["lanzaboote" "grub"];
    default = "lanzaboote";
    description = "Which bootloader to use.";
  };
  config.boot =
    if btl == "lanzaboote"
    then {
      lanzaboote = {
        enable = true;
        configurationLimit = 10;
        pkiBundle = "/etc/secureboot";
        settings = {
          editor = false;
        };
      };
    }
    else if btl == "grub"
    then {
      loader.grub.enable = true;
    }
    else {};
}