desktop/steamdeck: enable secureboot

2024-02-25 08:09:17 +01:00
parent e51e3095a1
commit 80178917bb
5 changed files with 261 additions and 19 deletions
--- a/hosts/steamdeck/default.nix
+++ b/hosts/steamdeck/default.nix
@@ -17,7 +17,7 @@
 #           └─ default.nix
 #

-{ config, pkgs, user, jovian-nixos, ... }:
+{ config, pkgs, user, jovian-nixos, lib, ... }:

 {
  imports =                                                         # For now, if applying to other system, swap files
@@ -31,13 +31,18 @@
    kernelPackages = pkgs.linuxPackages_latest;

    loader = {                              # EFI Boot
-      systemd-boot.enable = true;
+      systemd-boot.enable = lib.mkForce false;
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
      timeout = 1;                          # Grub auto select time
    };
+
+    lanzaboote = {
+        enable = true;
+        pkiBundle = "/etc/secureboot";
+    };
  };

 #  hardware.sane = {                           # Used for scanning with Xsane