diff --git a/nix/lanzaboote.nix b/nix/lanzaboote.nix index 5bab3b6..57605e6 100644 --- a/nix/lanzaboote.nix +++ b/nix/lanzaboote.nix @@ -45,7 +45,6 @@ in ''} ${cfg.package}/bin/lanzatool install \ - --pki-bundle ${cfg.pkiBundle} \ --public-key ${cfg.publicKeyFile} \ --private-key ${cfg.privateKeyFile} \ ${config.boot.loader.efi.efiSysMountPoint} \ diff --git a/rust/lanzatool/src/cli.rs b/rust/lanzatool/src/cli.rs index ec51cf4..8745170 100644 --- a/rust/lanzatool/src/cli.rs +++ b/rust/lanzatool/src/cli.rs @@ -27,14 +27,6 @@ struct InstallCommand { #[arg(long)] private_key: PathBuf, - /// sbctl PKI bundle for auto enrolling key - #[arg(long)] - pki_bundle: Option, - - /// Auto enroll your keys. This might brick your device - #[arg(long, default_value = "false")] - auto_enroll: bool, - /// EFI system partition mountpoint (e.g. efiSysMountPoint) esp: PathBuf, @@ -65,8 +57,6 @@ fn install(args: InstallCommand) -> Result<()> { install::Installer::new( PathBuf::from(lanzaboote_stub), key_pair, - args.pki_bundle, - args.auto_enroll, args.esp, args.generations, ) diff --git a/rust/lanzatool/src/install.rs b/rust/lanzatool/src/install.rs index 91971ca..822527d 100644 --- a/rust/lanzatool/src/install.rs +++ b/rust/lanzatool/src/install.rs @@ -15,8 +15,6 @@ use crate::signature::KeyPair; pub struct Installer { lanzaboote_stub: PathBuf, key_pair: KeyPair, - _pki_bundle: Option, - _auto_enroll: bool, esp: PathBuf, generations: Vec, } @@ -25,16 +23,12 @@ impl Installer { pub fn new( lanzaboote_stub: PathBuf, key_pair: KeyPair, - _pki_bundle: Option, - _auto_enroll: bool, esp: PathBuf, generations: Vec, ) -> Self { Self { lanzaboote_stub, key_pair, - _pki_bundle, - _auto_enroll, esp, generations, }