sys/boot: impermanence: add support for an independent 'trust' persistent storage

author: Alejandro Soto <alejandro@34project.org> 2026-04-03 19:31:34 -0600
committer: Alejandro Soto <alejandro@34project.org> 2026-04-03 19:37:30 -0600
commit: 11bc7eb4378a8672861a5deec97826ba3294af59 (patch)
tree: c5a1d71d2ca0fb6490a93252c26bcf0e86216f93 /sys/boot/secure-boot.nix
parent: 0b64cdb680f8f8418f1faf7258e1c5c497069e1a (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/boot/secure-boot.nix b/sys/boot/secure-boot.nix
index b13ab7c..150ff92 100644
--- a/sys/boot/secure-boot.nix
+++ b/sys/boot/secure-boot.nix
@@ -46,6 +46,13 @@ in {
       pkgs.sbctl
     ];
 
-    local.boot.impermanence.directories = [pkiBundle];
+    local.boot.impermanence.trust.directories = [
+      {
+        directory = pkiBundle;
+        user = "root";
+        group = "root";
+        mode = "u=rwx,g=,o=";
+      }
+    ];
   };
 }
author	Alejandro Soto <alejandro@34project.org>	2026-04-03 19:31:34 -0600
committer	Alejandro Soto <alejandro@34project.org>	2026-04-03 19:37:30 -0600
commit	11bc7eb4378a8672861a5deec97826ba3294af59 (patch)
tree	c5a1d71d2ca0fb6490a93252c26bcf0e86216f93 /sys/boot/secure-boot.nix
parent	0b64cdb680f8f8418f1faf7258e1c5c497069e1a (diff)