author | Thomas Strobel <ts468@cam.ac.uk> | 2015-12-21 20:20:29 +0100 |
---|---|---|
committer | Thomas Strobel <ts468@cam.ac.uk> | 2015-12-22 03:12:30 +0100 |
commit | d856841ba42eb8ad56e71c261753cc5b7f02d6c9 (patch) | |
tree | c7da43ca19d44e94f866a80582ec16fd378237eb /nixos/modules | |
parent | d76c26e876bfea826a1e43bbe8f0243095566216 (diff) | |
nixos trustedGRUB: add support for HP laptops
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/system/boot/loader/grub/grub.nix | 62 |
1 files changed, 39 insertions, 23 deletions
diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index 87dbbd7cd51f..47605e3685ca 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -10,8 +10,11 @@ let realGrub = if cfg.version == 1 then pkgs.grub else if cfg.zfsSupport then pkgs.grub2.override { zfsSupport = true; } - else if cfg.enableTrustedBoot then pkgs.trustedGrub - else pkgs.grub2; + else if cfg.trustedBoot.enable + then if cfg.trustedBoot.isHPLaptop + then pkgs.trustedGrub-for-HP + else pkgs.trustedGrub + else pkgs.grub2; grub = # Don't include GRUB if we're only generating a GRUB menu (e.g., 
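Review bot: In `realGrub` the `cfg.version == 1` and `cfg.zfsSupport` branches are still tested before `cfg.trustedBoot.enable`, so whenever either holds the expression yields a GRUB that does no TPM measuring, and only the assertions later in the file reject that combination. The dependency deserves a comment above the new branch, for example `# trustedBoot is tested last; the assertions below must keep rejecting version 1 and zfsSupport together with it`. The nested `then if … then … else …` is also easy to misread; parenthesising the inner conditional, `then (if cfg.trustedBoot.isHPLaptop then pkgs.trustedGrub-for-HP else pkgs.trustedGrub)`, would make it clear which `else` belongs to which test. The `let` block starts and continues outside this hunk.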
@@ -369,24 +372,37 @@ in ''; }; - enableTrustedBoot = mkOption { - default = false; - type = types.bool; - description = '' - Enable trusted boot. GRUB will measure all critical components during - the boot process to offer TCG (TPM) support. - ''; - }; + trustedBoot = { + + enable = mkOption { + default = false; + type = types.bool; + description = '' + Enable trusted boot. GRUB will measure all critical components during + the boot process to offer TCG (TPM) support. + ''; + }; + + systemHasTPM = mkOption { + default = ""; + example = "YES_TPM_is_activated"; + type = types.string; + description = '' + Assertion that the target system has an activated TPM. It is a safety + check before allowing the activation of 'trustedBoot.enable'. TrustedBoot + WILL FAIL TO BOOT YOUR SYSTEM if no TPM is available. + ''; + }; + + isHPLaptop = mkOption { + default = false; + type = types.bool; + description = '' + Use a special version of TrustedGRUB that is needed by some HP laptops + and works only for the HP laptops. + ''; + }; - systemHasTPM = mkOption { - default = ""; - example = "YES_TPM_is_activated"; - type = types.string; - description = '' - Assertion that the target system has an activated TPM. It is a safety - check before allowing the activation of 'enableTrustedBoot'. TrustedBoot - WILL FAIL TO BOOT YOUR SYSTEM if no TPM is available. - ''; }; }; 
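Review bot: The options `enableTrustedBoot` and `systemHasTPM` are removed here with no alias visible in this commit (the diffstat lists only grub.nix), so configurations that still set the old names will presumably stop evaluating. That fails closed, which is the safe direction for a measured-boot setting, but if the break is not intended, a `mkRenamedOptionModule` entry for each old name in the module tree's rename list would keep them working. Separately, the `isHPLaptop` description says the variant "works only for the HP laptops" without the kind of warning `systemHasTPM` carries. If enabling it on other hardware can leave the machine unbootable, the description should say so, and say which models need it.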
@@ -452,19 +468,19 @@ in message = "You cannot have duplicated devices in mirroredBoots"; } { - assertion = !cfg.enableTrustedBoot || cfg.version == 2; + assertion = !cfg.trustedBoot.enable || cfg.version == 2; message = "Trusted GRUB is only available for GRUB 2"; } { - assertion = !cfg.efiSupport || !cfg.enableTrustedBoot; + assertion = !cfg.efiSupport || !cfg.trustedBoot.enable; message = "Trusted GRUB does not have EFI support"; } { - assertion = !cfg.zfsSupport || !cfg.enableTrustedBoot; + assertion = !cfg.zfsSupport || !cfg.trustedBoot.enable; message = "Trusted GRUB does not have ZFS support"; } { - assertion = !cfg.enableTrustedBoot || cfg.systemHasTPM == "YES_TPM_is_activated"; + assertion = !cfg.trustedBoot.enable || cfg.trustedBoot.systemHasTPM == "YES_TPM_is_activated"; message = "Trusted GRUB can break the system! Confirm that the system has an activated TPM by setting 'systemHasTPM'."; } ] ++ flip concatMap cfg.mirroredBoots (args: [ |
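Review bot: The last assertion's message still tells the user to set 'systemHasTPM', but after this commit the option is `trustedBoot.systemHasTPM`, so anyone following the message sets a name that no longer exists. The text should read `message = "Trusted GRUB can break the system! Confirm that the system has an activated TPM by setting 'trustedBoot.systemHasTPM'.";`. No assertion covers the new `isHPLaptop` flag either: with `trustedBoot.enable = false` it is silently ignored and the user ends up on plain GRUB with no measurement. An extra entry such as `assertion = !cfg.trustedBoot.isHPLaptop || cfg.trustedBoot.enable;` with a matching message would surface that misconfiguration. The assertions list begins and continues outside this hunk.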