Test
This commit is contained in:
parent
91a44c646e
commit
84e08f8c8e
2 changed files with 8 additions and 2 deletions
|
@ -112,6 +112,8 @@ Completed ToDo List [here](docs/complete.md)
|
|||
---
|
||||
# Lanzaboote / SecureBoot
|
||||
* Instructions here - [Link](https://git.sysctl.io/Mirrors/lanzaboote/src/branch/master/docs/QUICK_START.md)
|
||||
|
||||
## Generic Instructions:
|
||||
1. Create your keys: `sbctl create-keys`
|
||||
2. Verify your machine is ready for SecureBoot: `sbctl verify` - Everything except `*-bzImage.efi` are signed
|
||||
3. Enter Secureboot Setup mode in your EFI Settings on the motherboard (F10)
|
||||
|
@ -120,6 +122,10 @@ Completed ToDo List [here](docs/complete.md)
|
|||
* If you wish, you can select `--tpm-eventlog`, but checksums will change later (ie, at a kernel rebuild)
|
||||
5. Reboot and verify you are activated: `bootctl status`
|
||||
|
||||
## Framework Specific:
|
||||
1. Change boot import from `boot.nix` to `secureboot.nix`
|
||||
2. Reboot into EUFI and set SecureBoot to ""
|
||||
|
||||
# Manual: GPG Keys
|
||||
1. Import the user private key: `gpg --import gpg/users/albert/privkey.asc`
|
||||
2. Mark it as trusted: `gpg --edit-key albert@sysctl.io`, then type `trust`, then `5`
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
./disks.nix
|
||||
../../common/services/tailscale-autoconnect.nix
|
||||
# ../../common/modules/secureboot.nix
|
||||
../../common/modules/boot.nix
|
||||
../../common/modules/secureboot.nix
|
||||
# ../../common/modules/boot.nix
|
||||
../../common/modules/udev-rules.nix
|
||||
../../common/services/podman.nix
|
||||
];
|
||||
|
|
Loading…
Reference in a new issue