Merge pull request #336 from dweee/patch-1

docs: BitLocker recovery key warning
Julian Stecklina 2024-04-04 06:33:00 +00:00 committed by GitHub
commit 90a97cceec
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 2 deletions

@ -4,7 +4,7 @@ This document attempts to guide users into setting up UEFI Secure Boot
for their NixOS system using a custom key chain. The audience are for their NixOS system using a custom key chain. The audience are
experienced NixOS users. experienced NixOS users.
This guide has been tested on a Lenovo Thinkpad and is expected to This guide has been tested on a Lenovo ThinkPad and is expected to
work on other Thinkpads without change. On other systems, certain work on other Thinkpads without change. On other systems, certain
steps may be different. steps may be different.
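Review bot: the rename to "ThinkPad" is applied only to the first line of this paragraph; the unchanged next line still reads "work on other Thinkpads without change", so the paragraph now spells the name two ways. Suggest changing that line to "ThinkPads" in the same commit, matching the spelling this commit uses in its last hunk.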
@ -14,6 +14,13 @@ Secure Boot for NixOS is still in development and has some sharp
edges. There may be cases where you end up with a system that does not edges. There may be cases where you end up with a system that does not
boot. boot.
For Windows dual-booters and BitLocker users, it is highly recommended
that you export your BitLocker recovery keys and confirm that they are
correct. Please refer to this [Microsoft support article](https://support.microsoft.com/en-us/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6)
for help. This will be required once you finish this guide to confirm
with BitLocker that the PCRs changed during the next measurement are
intended and allows the TPM unlocking of Windows to work as normal.
**We only recommend this to NixOS users that are comfortable using **We only recommend this to NixOS users that are comfortable using
recovery tools to restore their system or have a backup ready.** recovery tools to restore their system or have a backup ready.**
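Review bot: the last sentence of the added BitLocker paragraph is hard to parse. "This will be required" could refer to the recovery key or to the support article, and "allows" has no clear subject. Suggest splitting it, for example: "You will need the recovery key once you finish this guide. Entering it confirms to BitLocker that the changed PCR measurements are intended, after which TPM unlocking of Windows works as normal." The line carrying the support URL is also much longer than the wrapped text around it; a reference-style link would keep the source readable.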
@ -224,7 +231,7 @@ with your keys.
At least on some ASUS boards and others, you may also need to set the `OS Type` to "Windows UEFI Mode" in the Secure Boot settings, so that Secure Boot does get enabled. At least on some ASUS boards and others, you may also need to set the `OS Type` to "Windows UEFI Mode" in the Secure Boot settings, so that Secure Boot does get enabled.
These instructions are specific to Thinkpads and may need to be These instructions are specific to ThinkPads and may need to be
adapted on other systems. adapted on other systems.
### Entering Secure Boot Setup Mode ### Entering Secure Boot Setup Mode
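Review bot: in the changed sentence, "These instructions" has no clear referent. The context line directly above it is about ASUS boards and the `OS Type` setting, and the heading "Entering Secure Boot Setup Mode" follows, so a reader cannot tell whether the ThinkPad-specific caveat covers the steps above or the ones below. Since the line is being touched anyway, suggest stating which steps it refers to, or moving it under the heading it applies to.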