370c7da4a9
nixpkgs nixos-25.11 브랜치의 nixos/doc/manual/ 디렉토리를 sparse clone으로 가져와 ~/obsidian/dev/nixos-manual/에 복사. _index.md에 구조/갱신 방법 정리. 오프라인 참조 + AI 에이전트 컨텍스트용. sandbox-tokyo 같은 NixOS 노드 운영 시 빠른 참조로 사용.
1.8 KiB
Bootspec
Bootspec is a feature introduced in RFC-0125 in order to standardize bootloader support and advanced boot workflows such as SecureBoot and potentially more. The reference implementation can be found here.
The creation of bootspec documents is enabled by default.
Schema
The bootspec schema is versioned and validated against a CUE schema file which should considered as the source of truth for your applications.
You will find the current version here.
Extensions mechanism
Bootspec cannot account for all usecases.
For this purpose, Bootspec offers a generic extension facility boot.bootspec.extensions which can be used to inject any data needed for your usecases.
An example for SecureBoot is to get the Nix store path to /etc/os-release in order to bake it into a unified kernel image:
{ config, lib, ... }:
{
boot.bootspec.extensions = {
"org.secureboot.osRelease" = config.environment.etc."os-release".source;
};
}
To reduce incompatibility and prevent names from clashing between applications, it is highly recommended to use a unique namespace for your extensions.
External bootloaders
It is possible to enable your own bootloader through boot.loader.external.installHook which can wrap an existing bootloader.
Currently, there is no good story to compose existing bootloaders to enrich their features, e.g. SecureBoot, etc. It will be necessary to reimplement or reuse existing parts.