Limine
Limine is a modern, advanced, portable, multiprotocol bootloader and boot manager. It aims to be more robust alternative to bootloaders like GNU GRUB. It can be configured via NixOS options under boot.loader.limine.
SecureBoot
Limine Secure Boot support is principally controlled by the module options.
To enable Secure Boot, first switch to Limine as your bootloader. You may find the existing Bootloader documentation helpful.
Then add sbctl
to you systems packages. It must be installed on a system level.
Generate keys with sbctl create-keys
Enable Secure Boot Setup Mode. This usually involves entering the BIOS and selecting an option to do so. On some BIOS implementations, there is not an explicit option to do so, but it will enter setup mode if one clears all Secure Boot keys.
Now, run sbctl enroll-keys -m -f
to actually enroll your keys.
You can now rebuild with boot.loader.limine.secureBoot.enable
set to true, and disable Secure Boot setup mode.
If this has been successful, you can check using bootctl status
$ bootctl status
systemd-boot not installed in ESP.
System:
Firmware: n/a (n/a)
Firmware Arch: x64
Secure Boot: enabled (user)
...