Limine: Difference between revisions

(3 intermediate revisions by 2 users not shown)

Line 1:

[https://limine-bootloader.org/ Limine] ([https://www.merriam-webster.com/dictionary/in%20limine lē-mi-ne]) is a modern, advanced, portable, multi-protocol bootloader and boot manager. It aims to be a more robust alternative to bootloaders like [[GNU GRUB]] and [[Systemd/boot|Systemd-boot]]. ~~It can be configured using the NixOS~~ options ~~under~~

[https://limine-bootloader.org/ '''Limine'''] ([https://www.merriam-webster.com/dictionary/in%20limine lē-mi-ne]) is a modern, advanced, portable, multi-protocol bootloader and boot manager. It aims to be a more robust alternative to bootloaders like [[GNU GRUB]] and [[Systemd/boot|Systemd-boot]].

[https://search.nixos.org/options?channel=unstable&show=boot.loader.limine. boot.loader.limine.]

== Usage ==

To install and enable Limine, add this to your system configuration:

{{File|3=<nowiki>

boot.loader.limine.enable = true;

</nowiki>|name=/etc/nixos/configuration.nix|lang=nix}}

For additional Limine module configuration options, refer to [https://search.nixos.org/options?channel=unstable&show=boot.loader.limine. boot.loader.limine.]

== Secure Boot ==

Line 16:

Line 22:

# <code>sbctl</code> is installed as a system level package (using <code>environment.systemPackages</code>).

=== Generate Secure Boot ~~Keys~~ ===

=== Generate Secure Boot keys ===

<code>sbctl</code> is used to securely generate & store the Secure Boot keys. Generating the keys is as ~~easy~~ as:<syntaxhighlight lang="console">

<code>sbctl</code> is used to securely generate & store the Secure Boot keys. Generating the keys is as simple as:<syntaxhighlight lang="console">

$ sudo sbctl create-keys

</syntaxhighlight>This stores your secure boot keys at <code>/var/lib/sbctl</code> and sets the permissions so that they can only be read by the root user.

Line 29:

Line 35:

After entering Setup Mode or clearing the keys, reboot back into NixOS.

=== Enroll Secure Boot ~~Keys~~ ===

=== Enroll Secure Boot keys ===

Once in Setup Mode, your generated keys can be enrolled using <code>sbctl</code>. <syntaxhighlight lang="console">

Once in Setup Mode, your generated keys can be enrolled using <code>sbctl</code> again. <syntaxhighlight lang="console">

$ sudo sbctl enroll-keys --microsoft --firmware-builtin

</syntaxhighlight>The <code>--microsoft</code> option is required for some devices which have hardware OptionROMS signed by Microsoft keys.

</syntaxhighlight>The <code>--microsoft</code> option is required for some devices which have hardware OptionROMS signed by Microsoft keys. The <code>--firmware-builtin</code> option ensures your OEM certificates are also installed.

If this is successful, you can now rebuild with <code>boot.loader.limine.secureBoot.enable</code> set to true and reboot. Secure Boot should be enabled after reboot, but some devices will require it to be re-enabled manually in the UEFI firmware.

Once rebooted, you can verify the ~~secure boot~~ status using, <code>bootctl status</code>.

Once rebooted, you can verify the Secure Boot status using, <code>bootctl status</code>.

Line 51:

Line 57:

[[Secure Boot]]

[https://~~codeberg~~.~~org~~/Limine/Limine Limine ~~Codeberg~~ Repository]

[[Bootloader]]

[https://github.com/Limine-Bootloader/Limine Limine GitHub Repository]

[[Category:Booting]]

[[Category:Secure Boot]]

@@ Line 1: / Line 1: @@
 {{expand}}
-[https://limine-bootloader.org/ Limine] ([https://www.merriam-webster.com/dictionary/in%20limine lē-mi-ne]) is a modern, advanced, portable, multi-protocol bootloader and boot manager. It aims to be a more robust alternative to bootloaders like [[GNU GRUB]] and [[Systemd/boot|Systemd-boot]]. It can be configured using the NixOS options under
+[https://limine-bootloader.org/ '''Limine'''] ([https://www.merriam-webster.com/dictionary/in%20limine lē-mi-ne]) is a modern, advanced, portable, multi-protocol bootloader and boot manager. It aims to be a more robust alternative to bootloaders like [[GNU GRUB]] and [[Systemd/boot|Systemd-boot]].
-[https://search.nixos.org/options?channel=unstable&show=boot.loader.limine. boot.loader.limine.]
+== Usage ==
+To install and enable Limine, add this to your system configuration:
+{{File|3=<nowiki>
+boot.loader.limine.enable = true;
+</nowiki>|name=/etc/nixos/configuration.nix|lang=nix}}
+For additional Limine module configuration options, refer to  [https://search.nixos.org/options?channel=unstable&show=boot.loader.limine. boot.loader.limine.]
 == Secure Boot ==
@@ Line 16: / Line 22: @@
 # <code>sbctl</code> is installed as a system level package (using <code>environment.systemPackages</code>).
-=== Generate Secure Boot Keys ===
+=== Generate Secure Boot keys ===
-<code>sbctl</code> is used to securely generate & store the Secure Boot keys. Generating the keys is as easy as:<syntaxhighlight lang="console">
+<code>sbctl</code> is used to securely generate & store the Secure Boot keys. Generating the keys is as simple as:<syntaxhighlight lang="console">
 $ sudo sbctl create-keys
 </syntaxhighlight>This stores your secure boot keys at <code>/var/lib/sbctl</code> and sets the permissions so that they can only be read by the root user.
@@ Line 29: / Line 35: @@
 After entering Setup Mode or clearing the keys, reboot back into NixOS.
-=== Enroll Secure Boot Keys ===
+=== Enroll Secure Boot keys ===
-Once in Setup Mode, your generated keys can be enrolled using <code>sbctl</code>. <syntaxhighlight lang="console">
+Once in Setup Mode, your generated keys can be enrolled using <code>sbctl</code> again. <syntaxhighlight lang="console">
 $ sudo sbctl enroll-keys --microsoft --firmware-builtin
-</syntaxhighlight>The <code>--microsoft</code> option is required for some devices which have hardware OptionROMS signed by Microsoft keys.
+</syntaxhighlight>The <code>--microsoft</code> option is required for some devices which have hardware OptionROMS signed by Microsoft keys. The <code>--firmware-builtin</code> option ensures your OEM certificates are also installed.
 If this is successful, you can now rebuild with <code>boot.loader.limine.secureBoot.enable</code> set to true and reboot. Secure Boot should be enabled after reboot, but some devices will require it to be re-enabled manually in the UEFI firmware.
-Once rebooted, you can verify the secure boot status using, <code>bootctl status</code>.
+Once rebooted, you can verify the Secure Boot status using, <code>bootctl status</code>.
 <syntaxHighlight lang=console>
@@ Line 51: / Line 57: @@
 [[Secure Boot]]
-[https://codeberg.org/Limine/Limine Limine Codeberg Repository]
+[[Bootloader]]
+[https://github.com/Limine-Bootloader/Limine Limine GitHub Repository]
 [[Category:Booting]]
+[[Category:Secure Boot]]