> We plan on streamlining this as much as possible, but so far this has not happened yet.

Probably integrating something like sbctl (https://github.com/Foxboron/sbctl#sbctl---secure-boot-manage...) would do the trick, it's making the whole signing and key management dance easy.

Seems to already work together with limine on NixOS too: https://search.nixos.org/options?channel=25.11&query=sbctl#s...

Lanzaboote is great, I've been using it for almost a year now in a dual boot with Windows 11 for full secure boot on my desktop. It is quite stable (notably was set and forget) and the initial setup was relatively easy.

Huh, as a Lanaboote user I’m surprised to see this on the front page. I use this in combination with sbctl for key generation. I’m mostly using it because I wanted to set up full disk encryption with TPM2 auth.

This needs a (2022).

Browsing the internet about secure boot and NixOS, I found the article of one of the creators