since I haven't yet used it, should I try #NixOS on my backup NAS?
ok here we go. #NixOS ZFS root on the backup NAS
ok I've got a live image, /run/current-system/sw appears to be "ok I suppose we can sort of have a standard Unix-looking filesystem but not really"
and now I get to figure out how the fuck to do NixOS root on ZFS
update: success! NixOS is now running on Yttrium. Is there a declarative way to tell my zpool to expand to the other drives in my machine, or do I do that the old way?
update: NFS shared to my primary NAS, fwupd installed, nfs server running, this is actually working

update: NixOS still doesn't have

boot.loader.secureboot.enabled = true;

or anything like that? despite using systemd-boot..... that seems really dumb

I feel like the Linux community really fucked up in not embracing things like secure boot and mandatory disk encryption with TPM2 binding after the lies spread by anti-UEFI, anti-Secureboot people born out of misunderstandings about Windows 8 requirements
@freya wdym? What lies?
@tranquillity oh there was a whole *thing* about how "oh, well, secure boot is a way for microsoft to control what you can run on your pc!" and "secure boot is the root of evil drm!" and "uefi is microsoft's evil vehicle of evilness to do evil!" and all this shit

@freya oh those funny things

UEFI's secure boot is simply not secure, given its root of trust is a trivially reflashable chip unless you own a device with smth like Intel TXT. It's also why it's trivial to decrypt things like BitLocker, since BitLocker only measures PCR7 and thus uses the same root of trust

I don't like UEFI, but not like we got anything better. Esp. hell on things like RISC-V, but I digress. I'm glad on x86 we have a semi-standardized way of booting an executable + APIs, on ARM and RV all we got is uboot, hopes and dreams.

@tranquillity given Intel Boot Guard, now, UEFI secure boot is afaik pretty secure
@freya from what I know they only really enable that in "business" devices
@tranquillity incorrect, you're thinking of Intel AMT.

@freya that's a separate thing, not what I'm thinking of

I should get a spare machine to play with. What about my girlfriend's Framework while she's asleep :3

@tranquillity sillyyyy