Today I set up Secure Boot on one of my #NixOS machines. After I found the reason for the beloved `error: infinite recursion encountered` issue (I forgot to add lanzaboote as an argument via specialArgs), it – just worked.
Then I continued to set up LUKS unlocking via a #TPM sealed key. Also really easy.
I'm amazed.
On one machine I would like to set up #SecureBoot. I use grub as it offers redundant bootloaders via the mirroredBoots option, which makes it incompatible with #Lanzaboote.
#nixos #tpm #secureboot #lanzaboote
Today, I learned to be thankful for Rust in low-level contexts such as #UEFI as I am working on https://github.com/systemd/systemd/pull/28057 for #NixOS so we can support SecureBoot without #lanzaboote special tricks (i.e. not respecting upstream and creating fake "thin" UKIs).
I have been recompiling EDK2 too many times; I thank myself for enabling a lot of debugging knobs in our EDK2 build in #nixos.
I have a nice development setup:
Just set up #secureboot and systemd-cryptenroll on #nixos with #lanzaboote after attending the FOSDEM talk about Secure Boot on NixOS :blobcataww:
Thanks a lot to @raito @blitz @nikstur for the great work!!
#secureboot #nixos #lanzaboote