Limine: Difference between revisions
Added "See Also" section |
m Grammar and wording improvements |
||
| Line 1: | Line 1: | ||
{{expand}} | {{expand}} | ||
[https://limine-bootloader.org/ Limine] ([https://www.merriam-webster.com/dictionary/in%20limine lē-mi-ne]) is a modern, advanced, portable, multi-protocol bootloader and boot manager. It aims to be a more robust alternative to bootloaders like [[GNU GRUB]] and [[Systemd/boot|Systemd-boot]]. It can be configured using the NixOS options under | [https://limine-bootloader.org/ '''Limine'''] ([https://www.merriam-webster.com/dictionary/in%20limine lē-mi-ne]) is a modern, advanced, portable, multi-protocol bootloader and boot manager. It aims to be a more robust alternative to bootloaders like [[GNU GRUB]] and [[Systemd/boot|Systemd-boot]]. It can be configured using the NixOS options under | ||
[https://search.nixos.org/options?channel=unstable&show=boot.loader.limine. boot.loader.limine.] | [https://search.nixos.org/options?channel=unstable&show=boot.loader.limine. boot.loader.limine.] | ||
| Line 16: | Line 16: | ||
# <code>sbctl</code> is installed as a system level package (using <code>environment.systemPackages</code>). | # <code>sbctl</code> is installed as a system level package (using <code>environment.systemPackages</code>). | ||
=== Generate Secure Boot | === Generate Secure Boot keys === | ||
<code>sbctl</code> is used to securely generate & store the Secure Boot keys. Generating the keys is as | <code>sbctl</code> is used to securely generate & store the Secure Boot keys. Generating the keys is as simple as:<syntaxhighlight lang="console"> | ||
$ sudo sbctl create-keys | $ sudo sbctl create-keys | ||
</syntaxhighlight>This stores your secure boot keys at <code>/var/lib/sbctl</code> and sets the permissions so that they can only be read by the root user. | </syntaxhighlight>This stores your secure boot keys at <code>/var/lib/sbctl</code> and sets the permissions so that they can only be read by the root user. | ||
| Line 29: | Line 29: | ||
After entering Setup Mode or clearing the keys, reboot back into NixOS. | After entering Setup Mode or clearing the keys, reboot back into NixOS. | ||
=== Enroll Secure Boot | === Enroll Secure Boot keys === | ||
Once in Setup Mode, your generated keys can be enrolled using <code>sbctl</code>. <syntaxhighlight lang="console"> | Once in Setup Mode, your generated keys can be enrolled using <code>sbctl</code> again. <syntaxhighlight lang="console"> | ||
$ sudo sbctl enroll-keys --microsoft --firmware-builtin | $ sudo sbctl enroll-keys --microsoft --firmware-builtin | ||
</syntaxhighlight>The <code>--microsoft</code> option is required for some devices which have hardware OptionROMS signed by Microsoft keys. | </syntaxhighlight>The <code>--microsoft</code> option is required for some devices which have hardware OptionROMS signed by Microsoft keys. The <code>--firmware-builtin</code> option ensures your OEM certificates are also installed. | ||
If this is successful, you can now rebuild with <code>boot.loader.limine.secureBoot.enable</code> set to true and reboot. Secure Boot should be enabled after reboot, but some devices will require it to be re-enabled manually in the UEFI firmware. | If this is successful, you can now rebuild with <code>boot.loader.limine.secureBoot.enable</code> set to true and reboot. Secure Boot should be enabled after reboot, but some devices will require it to be re-enabled manually in the UEFI firmware. | ||
Once rebooted, you can verify the | Once rebooted, you can verify the Secure Boot status using, <code>bootctl status</code>. | ||
<syntaxHighlight lang=console> | <syntaxHighlight lang=console> | ||
| Line 53: | Line 53: | ||
[https://codeberg.org/Limine/Limine Limine Codeberg Repository] | [https://codeberg.org/Limine/Limine Limine Codeberg Repository] | ||
[[Category:Booting]] | [[Category:Booting]] | ||
[[Category:Secure Boot]] | |||