Jump to content

Limine

From NixOS Wiki
☶︎
This article or section needs to be expanded. Further information may be found in the related discussion page. Please consult the pedia article metapage for guidelines on contributing.

Limine is a modern, advanced, portable, multiprotocol bootloader and boot manager. It aims to be more robust alternative to bootloaders like GNU GRUB. It can be configured via NixOS options under boot.loader.limine.

SecureBoot

Limine Secure Boot support is principally controlled by the module options.

⚠︎
Warning: Limine SecureBoot is still in development and requires some prerequisites and precautions. Currently it's only available for nixos-unstable. For more information, please see the Limine GitHub repository and documentation.

To enable Secure Boot, first switch to Limine as your bootloader. You may find the existing Bootloader documentation helpful.

Then add sbctl to you systems packages. It must be installed on a system level.

Generate keys with sbctl create-keys

Enable Secure Boot Setup Mode. This usually involves entering the BIOS and selecting an option to do so. On some BIOS implementations, there is not an explicit option to do so, but it will enter setup mode if one clears all Secure Boot keys.

Now, run sbctl enroll-keys -m -f to actually enroll your keys.

You can now rebuild with boot.loader.limine.secureBoot.enable set to true, and disable Secure Boot setup mode.

If this has been successful, you can check using bootctl status

$ bootctl status
systemd-boot not installed in ESP.
System:
      Firmware: n/a (n/a)
 Firmware Arch: x64
   Secure Boot: enabled (user)
...