pyrox.dev
1# Bootspec {#sec-bootspec}
2
3Bootspec is a feature introduced in [RFC-0125](https://github.com/NixOS/rfcs/pull/125) in order to standardize bootloader support and advanced boot workflows such as SecureBoot and potentially more.
4The reference implementation can be found [here](https://github.com/NixOS/nixpkgs/pull/172237).
5
6The creation of bootspec documents is enabled by default.
7
8## Schema {#sec-bootspec-schema}
9
10The bootspec schema is versioned and validated against [a CUE schema file](https://cuelang.org/) which should considered as the source of truth for your applications.
11
12You will find the current version [here](../../../modules/system/activation/bootspec.cue).
13
14## Extensions mechanism {#sec-bootspec-extensions}
15
16Bootspec cannot account for all usecases.
17
18For this purpose, Bootspec offers a generic extension facility [`boot.bootspec.extensions`](options.html#opt-boot.bootspec.extensions) which can be used to inject any data needed for your usecases.
19
20An example for SecureBoot is to get the Nix store path to `/etc/os-release` in order to bake it into a unified kernel image:
21
22```nix
23{ config, lib, ... }: {
24 boot.bootspec.extensions = {
25 "org.secureboot.osRelease" = config.environment.etc."os-release".source;
26 };
27}
28```
29
30To reduce incompatibility and prevent names from clashing between applications, it is **highly recommended** to use a unique namespace for your extensions.
31
32## External bootloaders {#sec-bootspec-external-bootloaders}
33
34It is possible to enable your own bootloader through [`boot.loader.external.installHook`](options.html#opt-boot.loader.external.installHook) which can wrap an existing bootloader.
35
36Currently, there is no good story to compose existing bootloaders to enrich their features, e.g. SecureBoot, etc.
37It will be necessary to reimplement or reuse existing parts.