Today I set up Secure Boot on one of my #NixOS machines. After I found the reason for the beloved `error: infinite recursion encountered` issue (I forgot to add lanzaboote as an argument via specialArgs), it – just worked.

Then I continued to set up LUKS unlocking via a #TPM sealed key. Also really easy.

I'm amazed.

On one machine I would like to set up #SecureBoot. I use grub as it offers redundant bootloaders via the mirroredBoots options, which makes it incompatible with #Lanzaboote.

Today, I learned to be thankful for Rust in low-level contexts such as #UEFI as I am working on https://github.com/systemd/systemd/pull/28057 for #NixOS so we can support SecureBoot without #lanzaboote special tricks (i.e. not respecting upstream and creating fake "thin" UKIs).

I have been recompiling EDK2 too many times, thank myself for enabling a lot of debugging knobs in our EDK2 build in #nixos.

I have a nice development setup:

Just set up #secureboot and systemd-cryptenroll on #nixos with #lanzaboote after attending the FOSDEM talk about Secure Boot on NixOS :blobcataww:
Thanks a lot to @raito @blitz @nikstur for the great work!!