From 2ea0b9623086b3421dbd7b3069ca2240d26add14 Mon Sep 17 00:00:00 2001
From: blake <me@blakedheld.xyz>
Date: Tue, 11 Nov 2025 15:55:18 -0600
Subject: [PATCH] add secure boot support

---
 modules/system/secure_boot/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/system/secure_boot/default.nix b/modules/system/secure_boot/default.nix
index d21c796..1579669 100644
--- a/modules/system/secure_boot/default.nix
+++ b/modules/system/secure_boot/default.nix
@@ -23,6 +23,8 @@ in {
     # force disable systemd-boot so lanzaboote can be used
     boot.loader.systemd-boot.enable = lib.mkForce false;
 
+    # make sure the keys are generated and in the pkiBundle path
+    # with `nix-shell -p --run "sbctl create-keys"`
     boot.lanzaboote = {
       enable = true;
       pkiBundle = "/var/lib/sbctl";