authorAlejandro Soto <alejandro@34project.org>2025-07-26 18:13:31 -0600
committerAlejandro Soto <alejandro@34project.org>2025-07-26 18:59:49 -0600
commit33707eb9d2423115f9ae5c4633c774363396abde (patch)
tree3126521a002c34e30f42121c335c771a11ba8a7d /sys/boot
parent81322ec6ffe1f971b45561d70faf8749342607a4 (diff)
sys/boot/secure-boot: support new path for secure boot keys at /var/lib/sbctl
Diffstat (limited to '')
-rw-r--r--sys/boot/secure-boot.nix14
1 files changed, 12 insertions, 2 deletions
diff --git a/sys/boot/secure-boot.nix b/sys/boot/secure-boot.nix
index bdf7f0f..3e874c3 100644
--- a/sys/boot/secure-boot.nix
+++ b/sys/boot/secure-boot.nix
@@ -1,10 +1,20 @@
{ config, lib, pkgs, ... }:
with lib; let
cfg = config.local.boot.secureBoot;
+
+ pkiBundle =
+ if cfg.legacyPath
+ then "/etc/secureboot"
+ else "/var/lib/sbctl";
in
{
options.local.boot.secureBoot = {
enable = mkEnableOption "secure boot";
+
+ legacyPath = mkOption {
+ type = types.bool;
+ default = false;
+ };
};
config = mkIf cfg.enable {
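Review bot: The new `legacyPath` option is declared without a `description`, and its `default = false` moves every host that already enables this module from `/etc/secureboot` to `/var/lib/sbctl` without any opt-in. The later hunk feeds `pkiBundle` to lanzaboote, so a host whose keys still live under `/etc/secureboot` would be pointed at a directory that may not contain them on the next rebuild. I would add `description = "Keep the secure boot key bundle at /etc/secureboot instead of /var/lib/sbctl.";`. It may also be worth an entry in `assertions` (or at least a note in the commit message) telling existing hosts to move their keys or set `legacyPath = true` first. The `config` block continues outside this hunk.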
@@ -24,7 +34,7 @@ in
lanzaboote = {
enable = true;
- pkiBundle = "/etc/secureboot";
+ inherit pkiBundle;
};
};
@@ -32,6 +42,6 @@ in
pkgs.sbctl
];
- local.boot.impermanence.directories = [ "/etc/secureboot" ];
+ local.boot.impermanence.directories = [ pkiBundle ];
};
}
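Review bot: With the default `legacyPath = false`, `/etc/secureboot` is dropped from `local.boot.impermanence.directories` in the same step that adds `/var/lib/sbctl`. If that option works the way its name suggests (only listed directories survive a reboot), a host that has not yet migrated would lose its existing signing keys on the next boot. A comment above the line would make the required ordering explicit, for example `# Hosts enrolled under /etc/secureboot must move their keys to /var/lib/sbctl (or set legacyPath = true) before switching.` Since this directory holds the private signing keys, it is also worth confirming that the persisted copy keeps root-only permissions; the impermanence module is not visible here, so that is unverified.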