diff options
author | obadz <obadz-git@obadz.com> | 2016-09-13 18:46:53 +0100 |
---|---|---|
committer | obadz <obadz-git@obadz.com> | 2016-09-16 18:02:36 +0100 |
commit | 1c9ac8aabc3105b14c762459bd14a5d53f691449 (patch) | |
tree | 6880846ad9e890add5386d2aea5ee43e1c1cb339 /nixos/modules/system/boot/loader/grub/grub.nix | |
parent | a0b643ed06e956080c6acc91b4c209a195b8a18a (diff) | |
download | nixlib-1c9ac8aabc3105b14c762459bd14a5d53f691449.tar nixlib-1c9ac8aabc3105b14c762459bd14a5d53f691449.tar.gz nixlib-1c9ac8aabc3105b14c762459bd14a5d53f691449.tar.bz2 nixlib-1c9ac8aabc3105b14c762459bd14a5d53f691449.tar.lz nixlib-1c9ac8aabc3105b14c762459bd14a5d53f691449.tar.xz nixlib-1c9ac8aabc3105b14c762459bd14a5d53f691449.tar.zst nixlib-1c9ac8aabc3105b14c762459bd14a5d53f691449.zip |
grub: add boot.loader.grub.efiInstallAsRemovable
Closes #16374
Diffstat (limited to 'nixos/modules/system/boot/loader/grub/grub.nix')
-rw-r--r-- | nixos/modules/system/boot/loader/grub/grub.nix | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index 61c34cc2f034..e47afd061e2b 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -55,7 +55,7 @@ let inherit (cfg) version extraConfig extraPerEntryConfig extraEntries extraEntriesBeforeNixOS extraPrepareConfig configurationLimit copyKernels - default fsIdentifier efiSupport gfxmodeEfi gfxmodeBios; + default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios; path = (makeBinPath ([ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.findutils pkgs.diffutils pkgs.btrfs-progs pkgs.utillinux ] ++ (if cfg.efiSupport && (cfg.version == 2) then [pkgs.efibootmgr ] else []) @@ -357,6 +357,44 @@ in ''; }; + efiInstallAsRemovable = mkOption { + default = false; + example = true; + type = types.bool; + description = '' + Whether to invoke <literal>grub-install</literal> with + <literal>--removable</literal>. + + Unless turn this on, GRUB will install itself somewhere (exactly + where depends on other config variables) in + <literal>boot.loader.efi.efiSysMountPoint</literal>. If you've set + <literal>boot.loader.efi.canTouchEfiVariables</literal> *AND* you + are currently booted in UEFI mode, then GRUB will use + <literal>efibootmgr</literal> to modify the boot order in the NVRAM's + EFI variables of your computer to include this location. If you are + *not* booted in UEFI mode at the time grub is being installed, the + NVRAM will not be modified, and your system will not find GRUB at + boot time. GRUB will still succeed (althgouh you'll see a warning + printed "<literal>efibootmgr: EFI variables are not supported on + this system.</literal>"). + + If you do turn this feature on, then GRUB will install itself + in a specific special location within <literal>efiSysMountPoint</literal> + (namely <literal>EFI/boot/boot$arch.efi</literal>) which is the firmwares + are hardcoded to try first, regardless of NVRAM EFI variables. + + To summarize, turn this on if: + <itemizedlist> + <listitem>You are installing NixOS and want it to boot in UEFI mode, + but you are currently booted in legacy mode</listitem> + <listitem>You want to make a drive that will boot regardless of + the NVRAM state of the computer (like a USB "removable" drive)</listitem> + <listitem>You simply dislike the idea of depending on some NVRAM + state to make your drive bootable</listitem> + </itemizedlist> + ''; + }; + enableCryptodisk = mkOption { default = false; type = types.bool; @@ -484,6 +522,14 @@ in assertion = !cfg.trustedBoot.enable || cfg.trustedBoot.systemHasTPM == "YES_TPM_is_activated"; message = "Trusted GRUB can break the system! Confirm that the system has an activated TPM by setting 'systemHasTPM'."; } + { + assertion = cfg.efiInstallAsRemovable -> cfg.efiSupport; + message = "If you wish to to use boot.loader.grub.efiInstallAsRemovable, then turn on boot.loader.grub.efiSupport"; + } + { + assertion = cfg.efiInstallAsRemovable -> !config.boot.loader.efi.canTouchEfiVariables; + message = "If you wish to to use boot.loader.grub.efiInstallAsRemovable, then turn off boot.loader.efi.canTouchEfiVariables"; + } ] ++ flip concatMap cfg.mirroredBoots (args: [ { assertion = args.devices != [ ]; |