Test
parent
91a44c646e
commit
84e08f8c8e
2 changed files with 8 additions and 2 deletions
|
@ -112,6 +112,8 @@ Completed ToDo List [here](docs/complete.md)
|
||||||
---
|
---
|
||||||
# Lanzaboote / SecureBoot
|
# Lanzaboote / SecureBoot
|
||||||
* Instructions here - [Link](https://git.sysctl.io/Mirrors/lanzaboote/src/branch/master/docs/QUICK_START.md)
|
* Instructions here - [Link](https://git.sysctl.io/Mirrors/lanzaboote/src/branch/master/docs/QUICK_START.md)
|
||||||
|
|
||||||
|
## Generic Instructions:
|
||||||
1. Create your keys: `sbctl create-keys`
|
1. Create your keys: `sbctl create-keys`
|
||||||
2. Verify your machine is ready for SecureBoot: `sbctl verify` - Everything except `*-bzImage.efi` are signed
|
2. Verify your machine is ready for SecureBoot: `sbctl verify` - Everything except `*-bzImage.efi` are signed
|
||||||
3. Enter Secureboot Setup mode in your EFI Settings on the motherboard (F10)
|
3. Enter Secureboot Setup mode in your EFI Settings on the motherboard (F10)
|
||||||
|
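Review bot: Step 2 under the new `## Generic Instructions:` heading does not say whether "Everything except `*-bzImage.efi` are signed" is the expected result of `sbctl verify` or a condition the reader has to reach. Since this section is being restructured anyway, reword it so the pass condition is explicit, for example "expected: every file is signed except `*-bzImage.efi`". Minor style point: the new heading ends in a colon while the existing `# Lanzaboote / SecureBoot` and `# Manual: GPG Keys` headings do not.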
@ -120,6 +122,10 @@ Completed ToDo List [here](docs/complete.md)
|
||||||
* If you wish, you can select `--tpm-eventlog`, but checksums will change later (ie, at a kernel rebuild)
|
* If you wish, you can select `--tpm-eventlog`, but checksums will change later (ie, at a kernel rebuild)
|
||||||
5. Reboot and verify you are activated: `bootctl status`
|
5. Reboot and verify you are activated: `bootctl status`
|
||||||
|
|
||||||
|
## Framework Specific:
|
||||||
|
1. Change boot import from `boot.nix` to `secureboot.nix`
|
||||||
|
2. Reboot into EUFI and set SecureBoot to ""
|
||||||
|
|
||||||
# Manual: GPG Keys
|
# Manual: GPG Keys
|
||||||
1. Import the user private key: `gpg --import gpg/users/albert/privkey.asc`
|
1. Import the user private key: `gpg --import gpg/users/albert/privkey.asc`
|
||||||
2. Mark it as trusted: `gpg --edit-key albert@sysctl.io`, then type `trust`, then `5`
|
2. Mark it as trusted: `gpg --edit-key albert@sysctl.io`, then type `trust`, then `5`
|
||||||
|
|
|
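Review bot: Step 2 of the new `## Framework Specific:` list is unfinished: "set SecureBoot to """ has an empty value between the quotes, so the reader cannot tell which firmware setting to pick, and "EUFI" looks like a typo for "UEFI" (the generic steps above say "EFI Settings"). Fill in the intended setting and fix the spelling before merging. It would also help to state whether these two steps replace the generic steps or come after them, since step 1 switches the import to `secureboot.nix` and the generic list creates the keys first.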
@ -4,8 +4,8 @@
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
./disks.nix
|
./disks.nix
|
||||||
../../common/services/tailscale-autoconnect.nix
|
../../common/services/tailscale-autoconnect.nix
|
||||||
# ../../common/modules/secureboot.nix
|
../../common/modules/secureboot.nix
|
||||||
../../common/modules/boot.nix
|
# ../../common/modules/boot.nix
|
||||||
../../common/modules/udev-rules.nix
|
../../common/modules/udev-rules.nix
|
||||||
../../common/services/podman.nix
|
../../common/services/podman.nix
|
||||||
];
|
];
|
||||||
|
|
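Review bot: The import swap leaves `# ../../common/modules/boot.nix` behind as a commented-out line, which mirrors the manual toggle described in the README's Framework step 1 and is easy to get wrong (both lines active, or neither). Consider deleting the unused import instead of commenting it out, or selecting between the two modules through a single option. The commit message "Test" also does not say that this host is being switched to `secureboot.nix`; a descriptive message would make the change easier to find and revert.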