pyrox.dev
1# Experimental feature: Bootspec {#sec-experimental-bootspec}
2
3Bootspec is a experimental feature, introduced in the [RFC-0125 proposal](https://github.com/NixOS/rfcs/pull/125), the reference implementation can be found [there](https://github.com/NixOS/nixpkgs/pull/172237) in order to standardize bootloader support
4and advanced boot workflows such as SecureBoot and potentially more.
5
6You can enable the creation of bootspec documents through [`boot.bootspec.enable = true`](options.html#opt-boot.bootspec.enable), which will prompt a warning until [RFC-0125](https://github.com/NixOS/rfcs/pull/125) is officially merged.
7
8## Schema {#sec-experimental-bootspec-schema}
9
10The bootspec schema is versioned and validated against [a CUE schema file](https://cuelang.org/) which should considered as the source of truth for your applications.
11
12You will find the current version [here](../../../modules/system/activation/bootspec.cue).
13
14## Extensions mechanism {#sec-experimental-bootspec-extensions}
15
16Bootspec cannot account for all usecases.
17
18For this purpose, Bootspec offers a generic extension facility [`boot.bootspec.extensions`](options.html#opt-boot.bootspec.extensions) which can be used to inject any data needed for your usecases.
19
20An example for SecureBoot is to get the Nix store path to `/etc/os-release` in order to bake it into a unified kernel image:
21
22```nix
23{ config, lib, ... }: {
24 boot.bootspec.extensions = {
25 "org.secureboot.osRelease" = config.environment.etc."os-release".source;
26 };
27}
28```
29
30To reduce incompatibility and prevent names from clashing between applications, it is **highly recommended** to use a unique namespace for your extensions.
31
32## External bootloaders {#sec-experimental-bootspec-external-bootloaders}
33
34It is possible to enable your own bootloader through [`boot.loader.external.installHook`](options.html#opt-boot.loader.external.installHook) which can wrap an existing bootloader.
35
36Currently, there is no good story to compose existing bootloaders to enrich their features, e.g. SecureBoot, etc. It will be necessary to reimplement or reuse existing parts.