Browse Source

grub2: add signKey option

develop
Milan 10 months ago
parent
commit
624b4c2d5d
Signed by: petabyteboy GPG Key ID: A6DC6A7CB0B97859
  1. 14
      modules/grub2/default.nix

14
modules/grub2/default.nix

@ -8,7 +8,10 @@ let
if cfg.asSecondaryPayload then "img/grub2" else "fallback/payload";
configText = (readFile ./files/grub.cfg) + cfg.extraConfig
+ (optionalString (cfg.scanDevices) (readFile ./files/grub-scan.cfg))
+ (optionalString (cfg.signKey != null) ''
trust (cbfsdisk)/etc/trusted.key
set check_signatures=enforce
'') + (optionalString (cfg.scanDevices) (readFile ./files/grub-scan.cfg))
+ (optionalString (cfg.users != { }) ((concatStringsSep "\n" (mapAttrsToList
(n: u: ''
${
@ -86,6 +89,11 @@ in {
default = pkgs.coreboot-payload-grub2;
};
signKey = mkOption {
type = types.nullOr types.path;
default = null;
};
extraPayloadModules = mkOption {
type = types.listOf types.str;
default = [ ];
@ -118,6 +126,8 @@ in {
"grub-mkfont --range=0x20-0x7E,0x2501-0x251F,0x2191-0x2193 --size=14 -o $out ${cfg.font}");
"etc/grub.cfg".src = cfg.configFile;
"background.png".src = ./files/background.png;
};
} // (optionalAttrs (cfg.signKey != null) {
"etc/trusted.key".src = cfg.signKey;
});
};
}

Loading…
Cancel
Save