diff --git a/hosts/default.nix b/hosts/default.nix index 0335e1d..dded6a3 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -63,6 +63,7 @@ in specialArgs = { inherit inputs user location nixos-hardware agenix lanzaboote; }; modules = [ agenix.nixosModules.default + lanzaboote.nixosModule.lanzaboote ./lifebook ./configuration_desktop.nix ../modules/hardware/hydraCache.nix diff --git a/hosts/lifebook/default.nix b/hosts/lifebook/default.nix index 679efd3..4651557 100644 --- a/hosts/lifebook/default.nix +++ b/hosts/lifebook/default.nix @@ -17,7 +17,7 @@ # └─ default.nix # -{ config, pkgs, user, ... }: +{ lib, config, pkgs, user, ... }: { imports = # For now, if applying to other system, swap files @@ -32,13 +32,18 @@ kernelPackages = pkgs.linuxPackages_latest; loader = { # EFI Boot - systemd-boot.enable = true; + systemd-boot.enable = lib.mkForce false; efi = { canTouchEfiVariables = true; efiSysMountPoint = "/boot"; }; timeout = 1; # Grub auto select time }; + + lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; }; # hardware.sane = { # Used for scanning with Xsane @@ -51,9 +56,8 @@ environment = { systemPackages = with pkgs; [ -# simple-scan + linux-firmware intel-media-driver -# alacritty ]; }; @@ -62,14 +66,7 @@ }; services = { - tlp = { - enable = true; # TLP and auto-cpufreq for power management - settings = { - USB_DENYLIST="fc32:1287 1e7d:2e4a 1d5c:5500 1d5c:5510"; - }; - }; - - logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed + logind.lidSwitch = "hibernate"; # Laptop does not go to sleep when lid is closed #auto-cpufreq.enable = true; blueman.enable = true; printing = { # Printing and drivers for TS5300 diff --git a/hosts/lifebook/hardware-configuration.nix b/hosts/lifebook/hardware-configuration.nix index c900e88..8093ed2 100644 --- a/hosts/lifebook/hardware-configuration.nix +++ b/hosts/lifebook/hardware-configuration.nix 
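Review bot: The added module reference `lanzaboote.nixosModule.lanzaboote` uses a singular `nixosModule` attribute, while the path the lanzaboote project documents is `lanzaboote.nixosModules.lanzaboote`; confirm against the flake's actual outputs before relying on this. If the attribute does not exist the flake fails at evaluation rather than silently booting without Secure Boot, so the failure mode is at least loud. The `modules` list this hunk edits continues outside the hunk.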
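Review bot: `pkiBundle = "/etc/secureboot";` points at the directory holding the Secure Boot signing keys, and nothing in the hunk records how that directory is provisioned or protected; a comment such as `# sbctl key bundle — keep root-only and never copy into the nix store` would capture the assumption a reader needs. The `timeout = 1; # Grub auto select time` comment now describes neither GRUB nor systemd-boot, which this hunk force-disables; `# boot menu timeout for the lanzaboote-signed systemd-boot stub` would be accurate. The `boot` attrset this hunk edits starts outside the hunk.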
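Review bot: `logind.lidSwitch = "hibernate"` writes the whole memory image, including the unlocked dm-crypt key material and session state, to the swap device; the host's root is LUKS-encrypted (`luks.options=fido2-device=auto` in hardware-configuration.nix), so unless swap lives inside that encrypted volume a lid close now places that data on disk in the clear — confirm the swap layout before merging. The trailing comment `# Laptop does not go to sleep when lid is closed` was written for the previous value and no longer describes this line; `# hibernate on lid close (requires encrypted swap)` would. The `services` attrset continues outside the hunk.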
@@ -32,10 +32,10 @@ }; kernelModules = [ "kvm-intel" ]; - kernelParams = [ "luks.options=fido2-device=auto" ]; -# extraModprobeConfig = '' -# options i915 enable_guc=3 enable_fbc=1 fastboot=1 -# ''; + kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" ]; + extraModprobeConfig = '' + options i915 enable_guc=3 + ''; tmp.useTmpfs = false; tmp.cleanOnBoot = true; }; @@ -174,16 +174,15 @@ #defaultGateway = "192.168.0.1"; #nameservers = [ "192.168.0.4" ]; firewall = { - checkReversePath = "loose"; + checkReversePath = "false"; enable = true; - allowedUDPPorts = [ 24727 ]; + allowedUDPPorts = [ 24727 51820 ]; allowedTCPPorts = [ 24727 ]; }; }; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; powerManagement = { - #cpuFreqGovernor = lib.mkDefault "schedutil"; - #powertop.enable = true; + powertop.enable = true; }; }
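Review bot: `"sysrq_always_enabled=1"` added to `kernelParams` enables every magic SysRq function from the local console and makes the `kernel.sysrq` sysctl bitmask ineffective, so anyone with the keyboard can force a reboot or kill all processes without logging in; if the intent is hang recovery, drop the parameter and allow only the needed functions through `boot.kernel.sysctl."kernel.sysrq"` instead. The re-enabled `extraModprobeConfig` keeps only `enable_guc=3` and silently drops `enable_fbc=1 fastboot=1` from the previously commented version, which deserves a one-line comment such as `# enable_guc=3 only; fbc/fastboot removed because <reason>`. The `boot` attrset this hunk edits starts and ends outside the hunk.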
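Review bot: `checkReversePath = "false";` assigns the string "false", but `networking.firewall.checkReversePath` accepts a boolean or the strings "strict"/"loose", so this line should be rejected at option type-checking; the intended value is `checkReversePath = false;`. Even with the type fixed, moving from "loose" to fully disabled removes reverse-path anti-spoofing on every interface rather than just relaxing it for the tunnel, so keep "loose" unless a concrete failure motivated the change and note it in a comment. Adding 51820 to `allowedUDPPorts` opens the WireGuard port on all interfaces, which is only needed if this laptop listens for peers; a client that initiates the connection needs no inbound allow. The `networking` attrset this hunk edits starts outside the hunk.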