MrCirdo · May 13, 2025 20:27
diff --git a/notes.txt b/notes.txt
 1. extract files
 2. disable shim : sudo grub-mkimage -o ./EFI/BOOT/BOOTX64.EFI -p /EFI/BOOT -O x86_64-efi --disable-shim-lock fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain halt efifwsetup efi_gop ls search search_label search_fs_uuid search_fs_file echo serial gfxmenu gfxterm gfxterm_background gfxterm_menu test loadenv all_video videoinfo png 
 3. weird hack: sudo sed -i 's/SecureBoot/SecureB00t/' ./EFI/BOOT/BOOTX64.EFI 
 4. mount ./boot/efi.img
 5. sign in boot/efi BOOTX64.efi
 6. disable shim 2. and do black magic 3. in efi.img

 7. sign all efi stuff in the extracted file and in efi.img
 8. build uki : ukify build --linux=./boot/bzImage --initrd=./boot/initrd --cmdline='init=/nix/store/w7i8r00cdvg3r92kiqk7cbdqvdvcirwy-nixos-system-nixos-24.11.716947.26d499fc9f1d/init  root=LABEL=nixos-gnome-24.11-x86_64 boot.shell_on_fail elevator=noop nohibernate splash loglevel=4'
  cmdline could be find grub.cfg
 9. mv result into boot
 10. sign it!
 11. Maybe add grub
 menuentry 'NixOS 24.11.716947.26d499fc9f1d Secure Boot '  --class installer {
  terminal_output console

  chainloader /boot/nixos-kernel.efi
 }
 12. Don't forget to add in boot/efi.img
 13. make
 boot/bzImage=./boot/bzImage
 boot/initrd=./boot/initrd
 version.txt=./version.txt
 isolinux/background.png=./isolinux/background.png
 isolinux/isolinux.cfg=./isolinux/isolinux.cfg
 isolinux=./isolinux
 boot/efi.img=./boot/efi.img
 EFI=./EFI
 boot/grub=./boot/grub
 EFI/BOOT/efi-background.png=./EFI/BOOT/efi-background.png
 boot/memtest.bin=./boot/memtest.bin
 EFI/BOOT/grub-theme=./EFI/BOOT/grub-theme
 nix-store.squashfs=./nix-store.squashfs
 boot/nixos-kernel.efi=./boot/nixos-kernel.efi

 14. make iso
 #!/usr/bin/env bash

 xorriso -boot_image any gpt_disk_guid=59398950deb75a2f9b77e0a816fef124 \
  -volume_date all_file_dates =315532800 \
  -as mkisofs \
  -iso-level 3 \
  -volid nixos-gnome-24.11-x86_64  \
  -appid nixos \
  -publisher nixos \
  -graft-points \
  -full-iso9660-filenames \
  -joliet \
  -eltorito-boot isolinux/isolinux.bin \
  -eltorito-catalog .boot.cat \
  -no-emul-boot \
  -boot-load-size 4 \
  -boot-info-table \
  --sort-weight 1 /isolinux \
  -isohybrid-mbr ./isolinux/isohdpfx.bin \
  -eltorito-alt-boot \
  -e boot/efi.img \
  -no-emul-boot \
  -isohybrid-gpt-basdat \
  -r \
  -path-list pathlist \
  --sort-weight 0 / \
  -output nixos.iso 

  12. copy iso to usb key: sudo dd bs=4M conv=fsync oflag=direct status=progress if=./nixos.iso of=/dev/sda
	1. extract files
	2. disable shim : sudo grub-mkimage -o ./EFI/BOOT/BOOTX64.EFI -p /EFI/BOOT -O x86_64-efi --disable-shim-lock fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain halt efifwsetup efi_gop ls search search_label search_fs_uuid search_fs_file echo serial gfxmenu gfxterm gfxterm_background gfxterm_menu test loadenv all_video videoinfo png
	3. weird hack: sudo sed -i 's/SecureBoot/SecureB00t/' ./EFI/BOOT/BOOTX64.EFI
	4. mount ./boot/efi.img
	5. sign in boot/efi BOOTX64.efi
	6. disable shim 2. and do black magic 3. in efi.img

	7. sign all efi stuff in the extracted file and in efi.img
	8. build uki : ukify build --linux=./boot/bzImage --initrd=./boot/initrd --cmdline='init=/nix/store/w7i8r00cdvg3r92kiqk7cbdqvdvcirwy-nixos-system-nixos-24.11.716947.26d499fc9f1d/init root=LABEL=nixos-gnome-24.11-x86_64 boot.shell_on_fail elevator=noop nohibernate splash loglevel=4'
	cmdline could be find grub.cfg
	9. mv result into boot
	10. sign it!
	11. Maybe add grub
	menuentry 'NixOS 24.11.716947.26d499fc9f1d Secure Boot ' --class installer {
	terminal_output console

	chainloader /boot/nixos-kernel.efi
	}
	12. Don't forget to add in boot/efi.img
	13. make
	boot/bzImage=./boot/bzImage
	boot/initrd=./boot/initrd
	version.txt=./version.txt
	isolinux/background.png=./isolinux/background.png
	isolinux/isolinux.cfg=./isolinux/isolinux.cfg
	isolinux=./isolinux
	boot/efi.img=./boot/efi.img
	EFI=./EFI
	boot/grub=./boot/grub
	EFI/BOOT/efi-background.png=./EFI/BOOT/efi-background.png
	boot/memtest.bin=./boot/memtest.bin
	EFI/BOOT/grub-theme=./EFI/BOOT/grub-theme
	nix-store.squashfs=./nix-store.squashfs
	boot/nixos-kernel.efi=./boot/nixos-kernel.efi

	14. make iso
	#!/usr/bin/env bash

	xorriso -boot_image any gpt_disk_guid=59398950deb75a2f9b77e0a816fef124 \
	-volume_date all_file_dates =315532800 \
	-as mkisofs \
	-iso-level 3 \
	-volid nixos-gnome-24.11-x86_64 \
	-appid nixos \
	-publisher nixos \
	-graft-points \
	-full-iso9660-filenames \
	-joliet \
	-eltorito-boot isolinux/isolinux.bin \
	-eltorito-catalog .boot.cat \
	-no-emul-boot \
	-boot-load-size 4 \
	-boot-info-table \
	--sort-weight 1 /isolinux \
	-isohybrid-mbr ./isolinux/isohdpfx.bin \
	-eltorito-alt-boot \
	-e boot/efi.img \
	-no-emul-boot \
	-isohybrid-gpt-basdat \
	-r \
	-path-list pathlist \
	--sort-weight 0 / \
	-output nixos.iso

	12. copy iso to usb key: sudo dd bs=4M conv=fsync oflag=direct status=progress if=./nixos.iso of=/dev/sda