♻️ optional secure boot

installs/full.toml

@@ -47,6 +47,9 @@ gpu_driver = "NVIDIA"
 # Enable firewall
 firewall = true
 
+# Secure Boot
+secure_boot = true
+
 [pkg]
 # Additional packages
 pkg = [

src/config.rs

@@ -105,8 +105,10 @@ pub struct GeneralConfig {
     pub bluetooth: Option<bool>,
     /// Install Video Driver
     pub gpu_driver: Option<GPUVendor>,
-    // Eanble firewall
+    // Enable firewall
     pub firewall: Option<bool>,
+    // Want Secure Boot
+    pub secure_boot: Option<bool>,
 }
 
 #[derive(Debug, Clone, Deserialize)]

src/install/mod.rs

@@ -52,6 +52,7 @@ pub mod zram;
 use crate::{
     config::InstallConfig,
     pkg::{self, install_pkgs, pacstrap},
+    print_status,
 };
 
 /// Uncomment the first occurrence of a specified value in a file.
@@ -198,7 +199,11 @@ pub fn install_mnt(conf: InstallConfig, bare: bool) {
     setup_mkinitcpio(&conf.drive);
 
     if bare && has_secure_boot() {
-        setup_secure_boot();
+        if conf.general.secure_boot.unwrap_or(true) {
+            setup_secure_boot();
+        } else {
+            print_status("Skipping Secure Boot");
+        }
     }
 
     if conf.drive.encryption.is_some() {

src/main.rs

@@ -53,9 +53,6 @@ fn main() {
                 std::process::exit(1);
             }
 
-            // TODO : make secure boot configurable
-            //ensure_secure_boot();
-
             let config_file: &String = install_args.get_one("config").unwrap();
             let force = install_args.get_flag("force");
             let conf = read_conf(config_file);
@@ -66,6 +63,10 @@ fn main() {
                 expect_yes();
             }
 
+            if conf.general.secure_boot.unwrap_or(false) {
+                ensure_secure_boot();
+            }
+
             // Run the
             install(conf, true);
         }