feat(pm/redhead): enable secure boot #76

I want to make booting not need a PIN/security key press, and therefore I want to make sure that I'm booting only what is explicitly permitted.

Therefore, let's use lanzaboote! I've set it up before, so it's relatively simple

+6 -1

2 changed files

Interdiff #1 → #2

expand all

packetmix

npins

sources.json

systems

redhead

lanzaboote.nix

packetmix/npins/sources.json

This file has not been changed.

+6 -1

packetmix/systems/redhead/lanzaboote.nix

··· 2 2 # 3 3 # SPDX-License-Identifier: MIT 4 4 5 - { project, pkgs, lib, ... }: 5 + { 6 + project, 7 + pkgs, 8 + lib, 9 + ... 10 + }: 6 11 { 7 12 imports = [ project.inputs.lanzaboote.result.nixosModules.lanzaboote ]; 8 13

History

3 rounds 0 comments

a.starrysky.fyi submitted #2 5mo

diff

1 commit

expand

10bdd99e

feat(pm/redhead): enable secure boot

5/5 success

expand

packetmix-npins-duplicate-check.yml

success 51s

packetmix-treefmt.yaml

success 1m 3s

reuse.yml

success 53s

expand 0 comments

pull request successfully merged

a.starrysky.fyi submitted #1 5mo

diff interdiff

1 commit

expand

cbaa1d71

feat(pm/redhead): enable secure boot

1/5 failed, 1/5 timeout, 3/5 success

expand

packetmix-npins-duplicate-check.yml

success 7m 39s

packetmix-treefmt.yaml

failed 1m 3s

reuse.yml

success 7s

expand 0 comments

a.starrysky.fyi submitted #0 5mo

diff

1 commit

expand

7aa3e3b3

feat(pm/redhead): enable secure boot

1/5 failed, 1/5 timeout, 3/5 success

expand

packetmix-npins-duplicate-check.yml

success 7s

packetmix-treefmt.yaml

failed 1m 2s

reuse.yml

success 8s

expand 0 comments