min
/
lanzaboote
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

createKeys option

This commit is contained in:
minish 2024-05-10 22:51:27 -04:00
parent 850f273222
commit 2fb1d3dad4
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nix/modules/lanzaboote.nix
View File

@ -21,6 +21,7 @@ in
enable = mkEnableOption "Enable the LANZABOOTE"; enable = mkEnableOption "Enable the LANZABOOTE";
enrollKeys = mkEnableOption "Automatic enrollment of the keys using sbctl"; enrollKeys = mkEnableOption "Automatic enrollment of the keys using sbctl";
createKeys = mkEnableOption "Automatic creation of the keys using sbctl";
configurationLimit = mkOption { configurationLimit = mkOption {
default = config.boot.loader.systemd-boot.configurationLimit; default = config.boot.loader.systemd-boot.configurationLimit;
@ -110,6 +111,10 @@ in
boot.loader.external = { boot.loader.external = {
enable = true; enable = true;
installHook = pkgs.writeShellScript "bootinstall" '' installHook = pkgs.writeShellScript "bootinstall" ''
${optionalString cfg.createKeys ''
${pkgs.sbctl}/bin/sbctl create-keys
''}
${optionalString cfg.enrollKeys '' ${optionalString cfg.enrollKeys ''
mkdir -p /tmp/pki mkdir -p /tmp/pki
cp -r ${cfg.pkiBundle}/* /tmp/pki cp -r ${cfg.pkiBundle}/* /tmp/pki