Experimental feature: Bootspec
Bootspec is an experimental feature introduced in the RFC-0125 proposal (the reference implementation can be found there) in order to standardize bootloader support and advanced boot workflows such as SecureBoot and potentially more.
You can enable the creation of bootspec documents through boot.bootspec.enable = true, which will emit a warning until RFC-0125 is officially merged.
Schema
The bootspec schema is versioned and validated against a CUE schema file, which should be considered the source of truth for your applications. You will find the current version here.
Extensions mechanism
Bootspec cannot account for all use cases. For this purpose, Bootspec offers a generic extension facility, boot.bootspec.extensions, which can be used to inject any data needed for your use cases. An example for SecureBoot is to get the Nix store path to /etc/os-release in order to bake it into a unified kernel image:
{ config, lib, ... }: {
  boot.bootspec.extensions = {
    "org.secureboot.osRelease" = config.environment.etc."os-release".source;
  };
}
To reduce incompatibility and prevent names from clashing between applications, it is highly recommended to use a unique namespace for your extensions.
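A bootloader tool that consumes these documents typically needs the checks described above: a v1 entry with its required fields, extension keys that carry a unique namespace, and, for the SecureBoot case, an os-release value that is an immutable Nix store path rather than a mutable file under /etc. The following Python is an added example and not part of the NixOS module or the reference implementation; the field names follow the v1 layout of RFC-0125 as I know it (the CUE schema remains the source of truth), and the sample document is constructed.

```python
import json
import re

# Keys owned by bootspec itself; every other top-level key is an extension.
RESERVED = {"org.nixos.bootspec.v1", "org.nixos.specialisation.v1"}
REQUIRED = ("init", "kernel", "kernelParams", "label", "system", "toplevel")
# Nix store path: 32-character base32 hash (Nix alphabet), a dash, then the name.
STORE_PATH = re.compile(r"^/nix/store/[0-9a-df-np-sv-z]{32}-[^/]+(/.*)?$")
# Reverse-DNS style key such as org.secureboot.osRelease: at least two dotted labels.
NAMESPACED = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def load_bootspec(text):
    """Parse a boot.json document; fail if the v1 entry or a required field is absent."""
    doc = json.loads(text)
    core = doc.get("org.nixos.bootspec.v1")
    if not isinstance(core, dict):
        raise ValueError("missing org.nixos.bootspec.v1 entry")
    missing = [f for f in REQUIRED if f not in core]
    if missing:
        raise ValueError(f"bootspec v1 entry is missing fields: {missing}")
    return doc

def check_extensions(doc):
    """Report extension keys that carry no namespace and may clash between tools."""
    return [f"extension {k!r} is not namespaced (use e.g. org.example.name)"
            for k in doc if k not in RESERVED and not NAMESPACED.match(k)]

def store_path_extension(doc, key):
    """Fetch a value a UKI builder will bake in; it must be an immutable store path."""
    value = doc.get(key)
    if not isinstance(value, str) or not STORE_PATH.match(value):
        raise ValueError(f"{key} must be a /nix/store path, got {value!r}")
    return value

def _sp(name):  # constructed placeholder store path; the hash is not real
    return f"/nix/store/{'a' * 32}-{name}"

# Constructed sample document; field names follow the bootspec v1 layout of RFC-0125.
SAMPLE = json.dumps({
    "org.nixos.bootspec.v1": {
        "init": _sp("nixos-system") + "/init",
        "initrd": _sp("initrd-linux") + "/initrd",
        "kernel": _sp("linux") + "/bzImage",
        "kernelParams": ["loglevel=4"],
        "label": "NixOS (constructed example)",
        "system": "x86_64-linux",
        "toplevel": _sp("nixos-system"),
    },
    "org.secureboot.osRelease": _sp("etc-os-release"),  # namespaced, in the store: OK
    "osRelease": "/etc/os-release",  # no namespace, mutable path: flagged by the checks
})
```

Running check_extensions on SAMPLE flags only the un-namespaced "osRelease" key, and store_path_extension accepts the namespaced store path while rejecting the /etc/os-release value.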
External bootloaders
It is possible to enable your own bootloader through boot.loader.external.installHook, which can wrap an existing bootloader.
Currently, there is no good story for composing existing bootloaders to enrich their features (e.g. SecureBoot); it will be necessary to reimplement or reuse existing parts.