min
/
lanzaboote
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos: add a lanzaboote module

This commit is contained in:
Raito Bezarius 2022-11-23 11:59:54 +01:00
parent a089c6fb3d
commit c53477fbf5
3 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
flake.lock
View File

@ -47,6 +47,22 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs-test": {
"locked": {
"lastModified": 1669200924,
"narHash": "sha256-NUPT9VMQHnFRqqd/ILcfMSbOvPTLbVBXGO7SWj0N7Dg=",
"owner": "RaitoBezarius",
"repo": "nixpkgs",
"rev": "542f657a93ae903e07d6274de413142c4b99d6ed",
"type": "github"
},
"original": {
"owner": "RaitoBezarius",
"ref": "experimental-secureboot",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1669001258, "lastModified": 1669001258,
@ -83,6 +99,7 @@
"inputs": { "inputs": {
"naersk": "naersk", "naersk": "naersk",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-test": "nixpkgs-test",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
} }
}, },

28
flake.nix
View File

@ -3,11 +3,12 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs-test.url = "github:RaitoBezarius/nixpkgs/experimental-secureboot";
rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.url = "github:oxalica/rust-overlay";
naersk.url = "github:nix-community/naersk"; naersk.url = "github:nix-community/naersk";
}; };
outputs = { self, nixpkgs, rust-overlay, naersk }: outputs = { self, nixpkgs, nixpkgs-test, rust-overlay, naersk }:
let let
pkgs = import nixpkgs { pkgs = import nixpkgs {
system = "x86_64-linux"; system = "x86_64-linux";
@ -127,6 +128,12 @@
add-sections ${lanzaboote}/bin/lanzaboote.efi ${osrel} ${cmdline} $out/bin/lanzaboote.efi add-sections ${lanzaboote}/bin/lanzaboote.efi ${osrel} ${cmdline} $out/bin/lanzaboote.efi
''; '';
in { in {
overlays.default = final: prev: {
inherit lanzaboote lanzatool;
};
nixosModules.lanzaboote = import ./nix/lanzaboote.nix;
packages.x86_64-linux = { packages.x86_64-linux = {
inherit qemuUefi uefi-run initrd-stub lanzaboote lanzaboote-uki lanzatool wrapInitrd; inherit qemuUefi uefi-run initrd-stub lanzaboote lanzaboote-uki lanzatool wrapInitrd;
default = lanzaboote-uki; default = lanzaboote-uki;
@ -146,5 +153,24 @@
lanzaboote lanzaboote
]; ];
}; };
checks.x86_64-linux = {
lanzaboote-boot =
let test = import ("${nixpkgs-test}/nixos/lib/testing-python.nix") { system = "x86_64-linux"; };
in
test.makeTest
{
name = "stub-boot";
nodes.machine = { ... }: {
imports = [ self.nixosModules.lanzaboote ];
nixpkgs.overlays = [ self.overlays.default ];
boot.lanzaboote.enable = true;
};
testScript = ''
start_all()
'';
};
};
}; };
} }

17
nix/lanzaboote.nix Normal file
View File

@ -0,0 +1,17 @@
{ lib, config, ... }:
with lib;
let
cfg = config.boot.lanzaboote;
in
{
options.boot.lanzaboote = {
enable = mkEnableOption "Enable the LANZABOOTE";
};
config = mkIf cfg.enable {
boot.loader.external = {
enable = true;
installHook = "${pkgs.lanzatool}/bin/lanzatool install";
};
};
}