feat: rip lanzaboote

2025-12-10 00:43:56 -05:00 · 2025-11-06 22:19:55 -05:00 · 2025-11-06 22:19:55 -05:00 · 1abe992961
commit 1abe992961
parent f3c90cfebc
3 changed files with 26 additions and 208 deletions
--- a/nixosConfigurations/gerg-desktop/boot.nix
+++ b/nixosConfigurations/gerg-desktop/boot.nix
@ -1,67 +1,38 @@
 {
-  lanzaboote,
-  config,
  lib,
  pkgs,
 }:
-let
-  windowsConf = ''
-    title  Windows
-    efi     /shellx64.efi
-    options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi
-  '';
-in
 {
-  imports = [ lanzaboote.nixosModules.lanzaboote ];
+  local.packages = {
+    inherit (pkgs) sbctl;
+  };

-  environment.systemPackages = [
-    pkgs.sbctl
-    (pkgs.writeShellScriptBin "windows" ''
-      bootctl set-oneshot windows.conf
-      bootctl set-timeout-oneshot 1
-      reboot
-    '')
-  ];
  systemd.tmpfiles.rules = [
    "L+ /var/lib/sbctl  - - - - /persist/secureboot"
  ];

  boot = {
-    lanzaboote = {
-      enable = true;
-      pkiBundle = "/var/lib/sbctl";
-      configurationLimit = 10;
-      package = lib.mkForce (
-        pkgs.writeShellApplication {
-          name = "lzbt";
-          runtimeInputs = [
-            lanzaboote.packages.tool
-            pkgs.coreutils
-            pkgs.sbctl
-          ];
-          text = ''
-            lzbt "$@"
-            MP='${config.boot.loader.efi.efiSysMountPoint}'
-            cp -f '${pkgs.edk2-uefi-shell.efi}' "$MP/shellx64.efi"
-            mkdir -p "$MP/loader/entries"
-            sbctl sign -s "$MP/shellx64.efi"
-            cat << EOF > "$MP/loader/entries/windows.conf"
-            ${windowsConf}
-            EOF
-          '';
-        }
-      );
-    };
-
    loader = {
-      systemd-boot = {
-        enable = lib.mkForce false;
-        extraFiles."shellx64.efi" = pkgs.edk2-uefi-shell.efi;
-        extraEntries."windows.conf" = windowsConf;
+      limine = {
+        enable = true;
+        biosSupport = false;
+        efiSupport = true;
+        maxGenerations = 10;
+        enableEditor = false;
+        secureBoot = {
+          enable = true;
+        };
+        extraEntries = ''
+          /Windows
+              protocol: efi
+              path: uuid(58952b7f-ac08-4fa3-92ad-cac5a3349199):/EFI/Microsoft/Boot/bootmgfw.efi
+        '';
      };
+      efi.efiSysMountPoint = "/efi0E";
+      # just in case
+      systemd-boot.enable = lib.mkForce false;
      grub.enable = lib.mkForce false;
      timeout = lib.mkForce 5;
-      efi.efiSysMountPoint = "/efi22";
    };
  };
 }